Skip to main content
GET
/
.well-known
/
oauth-protected-resource
Error
A valid request URL is required to generate request examples
{
  "resource": "https://your-bifrost-domain.com/mcp",
  "authorization_servers": [
    "https://your-bifrost-domain.com"
  ],
  "scopes_supported": [
    "mcp:read",
    "mcp:write"
  ],
  "bearer_methods_supported": [
    "header"
  ]
}

Authorizations

Authorization
string
header
required

Bearer token authentication. Use your provider API key or Bifrost authentication token. Virtual keys (prefixed with sk-bf-) can also be passed here.

Response

Protected resource metadata

OAuth 2.0 Protected Resource Metadata per RFC 9728. Returned by /.well-known/oauth-protected-resource to tell MCP clients which authorization server(s) protect the /mcp endpoint.

resource
string

URL of the protected resource (Bifrost's /mcp endpoint)

Example:

"https://your-bifrost-domain.com/mcp"

authorization_servers
string[]

List of authorization server issuer URLs

Example:
["https://your-bifrost-domain.com"]
scopes_supported
string[]

Scopes supported by this resource

Example:
["mcp:read", "mcp:write"]
bearer_methods_supported
string[]

Supported methods for passing Bearer tokens

Example:
["header"]