A valid request URL is required to generate request examples{
"sessions": [
{
"id": "<string>",
"created_at": "2023-11-07T05:31:56Z",
"can_reauth": true,
"user_id": "<string>",
"user": {
"id": "<string>",
"name": "<string>"
},
"virtual_key": {
"id": "<string>",
"name": "<string>"
},
"mcp_client": {
"client_id": "<string>",
"name": "<string>"
},
"session_id": "<string>",
"expires_at": "2023-11-07T05:31:56Z",
"last_refreshed_at": "2023-11-07T05:31:56Z",
"updated_at": "2023-11-07T05:31:56Z",
"oauth_config_id": "<string>"
}
]
}List MCP sessions
Returns every per-user MCP authentication artifact visible to the caller — OAuth tokens, header credentials, and pending submission / consent flows.
Row visibility is scoped to the caller’s identity (Virtual Key, signed-in
user, or asserted session ID). Server-level headers / oauth clients
are not surfaced here; their credentials live on the MCP client config.
When both a credential and a pending flow exist for the same
(identity, mcp_client) binding, the credential is returned and the
flow is suppressed to avoid duplicate entries.
A valid request URL is required to generate request examples{
"sessions": [
{
"id": "<string>",
"created_at": "2023-11-07T05:31:56Z",
"can_reauth": true,
"user_id": "<string>",
"user": {
"id": "<string>",
"name": "<string>"
},
"virtual_key": {
"id": "<string>",
"name": "<string>"
},
"mcp_client": {
"client_id": "<string>",
"name": "<string>"
},
"session_id": "<string>",
"expires_at": "2023-11-07T05:31:56Z",
"last_refreshed_at": "2023-11-07T05:31:56Z",
"updated_at": "2023-11-07T05:31:56Z",
"oauth_config_id": "<string>"
}
]
}Authorizations
Management API authentication for /api/* endpoints. Use the Authorization header with Bearer <API key>.
Virtual keys, dashboard/user/session tokens, and x-api-key headers are not supported on management APIs.
Response
Sessions visible to the caller
Show child attributes
Show child attributes
Was this page helpful?