Try Bifrost Enterprise free for 14 days. Explore now
API Reference
- GETOAuth callback endpoint
- GETGet OAuth config status
- DELRevoke OAuth config
- POSTRegister OAuth client (RFC 7591)
- GETAuthorization endpoint (OAuth 2.1)
- POSTToken endpoint (OAuth 2.1)
- GETUpstream OAuth proxy - authorize with upstream service
- GETProtected Resource Metadata (RFC 9728)
- GETAuthorization Server Metadata (RFC 8414)
A valid request URL is required to generate request examples{
"event_id": "<string>",
"type": "<string>",
"is_bifrost_error": true,
"status_code": 123,
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"param": "<string>",
"event_id": "<string>"
},
"extra_fields": {
"provider": "openai",
"model_requested": "<string>",
"request_type": "<string>"
}
}Upstream OAuth proxy - authorize with upstream service
Initiates an OAuth flow with an upstream MCP service (Notion, GitHub, etc.) on behalf of the current user. Used during the consent flow (via “Connect” buttons on the MCPs page) and at runtime when a tool call is made to an unauthenticated service.
Consent flow - provide flow_id (from the pending consent flow). The browser-binding
cookie (__bifrost_flow_secret) is validated.
Runtime flow - provide session (the Bifrost session ID from the token endpoint).
Used when a service was skipped during consent and needs to be connected later.
On success, redirects the user to the upstream provider’s authorize URL. After the user
grants access, the upstream callback lands at /api/oauth/callback, stores the upstream
token against the user’s identity, and redirects back to the consent screen (consent flow)
or returns an authorization success page (runtime flow).
Authentication is not required - cookie/session validation is performed instead.
A valid request URL is required to generate request examples{
"event_id": "<string>",
"type": "<string>",
"is_bifrost_error": true,
"status_code": 123,
"error": {
"type": "<string>",
"code": "<string>",
"message": "<string>",
"param": "<string>",
"event_id": "<string>"
},
"extra_fields": {
"provider": "openai",
"model_requested": "<string>",
"request_type": "<string>"
}
}Documentation Index
Fetch the complete documentation index at: https://docs.getbifrost.ai/llms.txt
Use this file to discover all available pages before exploring further.
Authorizations
Bearer token authentication. Use your provider API key or Bifrost authentication token.
Virtual keys (prefixed with sk-bf-) can also be passed here.
Query Parameters
ID of the per-user OAuth MCP client to authenticate with
Pending consent flow ID. Required if session is not provided.
The __bifrost_flow_secret cookie must be present and match the flow.
Bifrost session ID (from the token endpoint). Required if flow_id is not provided.
Used for runtime (post-consent) upstream authorization.
Response
Redirect to upstream OAuth provider's authorize URL
Was this page helpful?