Skip to main content
POST
/
api
/
oauth
/
per-user
/
token
Error
A valid request URL is required to generate request examples
{
  "access_token": "abc123xyz...",
  "token_type": "Bearer",
  "expires_in": 86400,
  "scope": "mcp:read mcp:write"
}

Authorizations

Authorization
string
header
required

Bearer token authentication. Use your provider API key or Bifrost authentication token. Virtual keys (prefixed with sk-bf-) can also be passed here.

Body

application/x-www-form-urlencoded
grant_type
enum<string>
required

Must be authorization_code

Available options:
authorization_code
code
string
required

Authorization code received in the redirect callback

code_verifier
string
required

PKCE code verifier — the raw secret whose SHA-256 matches the code_challenge

redirect_uri
string

Must match the redirect_uri used in the authorize request (if provided)

client_id
string

Client ID (optional — code is already bound to the client)

Response

Token issued successfully

OAuth 2.1 token response from the token endpoint

access_token
string

Bifrost-issued access token (24h TTL). Use as Bearer token on /mcp requests.

token_type
string

Token type, always "Bearer"

Example:

"Bearer"

expires_in
integer

Seconds until the access token expires (86400 for 24h)

Example:

86400

scope
string

Space-separated scopes granted