A valid request URL is required to generate request examples{
"authorize_url": "<string>",
"session_id": "<string>",
"submit_url": "<string>"
}Re-authenticate or edit an MCP session
Mints a fresh authentication flow against the same MCP client and identity as the existing row. Two branches based on row type:
- OAuth token (any non-
orphanedrow, typicallyneeds_reauth— butactiveis also accepted) — opens a fresh upstream OAuth consent flow. Caller is expected to followauthorize_urlto the provider; on callback the credential is replaced in place. - Header credential (
activeorneeds_update) — opens a fresh per-user-headers submission flow. Caller follows the same URL field to the Bifrost submission form; on submit the credential is replaced in place.kind: "headers"is set on the response.
Refused with 403 if the row is orphaned — a fresh credential wouldn’t
help; the issue is the identity has lost access to the MCP, which the
admin must fix.
A valid request URL is required to generate request examples{
"authorize_url": "<string>",
"session_id": "<string>",
"submit_url": "<string>"
}Authorizations
Management API authentication for /api/* endpoints. Use the Authorization header with Bearer <API key>.
Virtual keys, dashboard/user/session tokens, and x-api-key headers are not supported on management APIs.
Path Parameters
Session row ID (OAuth token or header credential)
Response
Fresh flow opened
Response for POST /api/mcp/sessions/{id}/reauth. Returns the URL the caller must visit to complete the fresh authentication / resubmission.
Where the caller must go. For OAuth rows this is the upstream provider's authorize page (via a Bifrost intermediate). For header credential rows it's the Bifrost submission form for the new flow.
ID of the freshly-minted flow row
Set only on header re-auth and identical to authorize_url. Kept for callers that want to be explicit about the underlying surface.
Set only on header re-auth
oauth, headers Was this page helpful?