A valid request URL is required to generate request examples{
"access_token": "abc123xyz...",
"token_type": "Bearer",
"expires_in": 86400,
"scope": "mcp:read mcp:write"
}Token endpoint (OAuth 2.1)
OAuth 2.1 token endpoint. Exchanges a single-use authorization code (5-minute TTL) for a Bifrost-issued access token (24-hour TTL) using PKCE verification.
The request body must be application/x-www-form-urlencoded.
The returned access_token is the Bearer token to use on subsequent /mcp requests.
It carries the user’s upstream service tokens (Notion, GitHub, etc.) linked to their
identity (Virtual Key or User ID) from the consent flow.
Authentication is not required - this is part of the unauthenticated OAuth bootstrap flow.
A valid request URL is required to generate request examples{
"access_token": "abc123xyz...",
"token_type": "Bearer",
"expires_in": 86400,
"scope": "mcp:read mcp:write"
}Documentation Index
Fetch the complete documentation index at: https://docs.getbifrost.ai/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
Bearer token authentication. Use your provider API key or Bifrost authentication token.
Virtual keys (prefixed with sk-bf-) can also be passed here.
Body
Must be authorization_code
authorization_code Authorization code received in the redirect callback
PKCE code verifier - the raw secret whose SHA-256 matches the code_challenge
Must match the redirect_uri used in the authorize request (if provided)
Client ID (optional - code is already bound to the client)
Response
Token issued successfully
OAuth 2.1 token response from the token endpoint
Was this page helpful?