bifrost/docs/enterprise/mcp-with-fa.mdx
Beyhan Oğur 880f412e2c first commit
2026-04-26 21:52:23 +03:00


---
title: "MCP with Federated Auth"
description: "Transform your existing private enterprise APIs into LLM-ready MCP tools using federated authentication without writing a single line of code"
icon: "screwdriver-wrench"
---
Transform your existing private enterprise APIs into LLM-ready MCP tools instantly. Add your APIs along with authentication information, and Bifrost dynamically syncs user authentication to allow these existing APIs to be used as MCP tools.
## Supported Import Methods
Add your existing APIs to Bifrost using any of these methods:
<Tabs>
<Tab title="Postman Collection">
Import your existing Postman collections directly into Bifrost. All request configurations, headers, and parameters are preserved.
```json
{
  "info": {
    "name": "Enterprise API Collection",
    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
  },
  "item": [
    {
      "name": "Get User Profile",
      "request": {
        "method": "GET",
        "header": [
          {
            "key": "Authorization",
            "value": "{{req.header.authorization}}",
            "type": "text"
          }
        ],
        "url": {
          "raw": "https://api.company.com/users/profile",
          "host": ["api", "company", "com"],
          "path": ["users", "profile"]
        }
      }
    }
  ]
}
```
</Tab>
<Tab title="OpenAPI Spec">
Use your existing OpenAPI 3.0+ specifications. Bifrost automatically converts them into MCP-compatible tools.
```yaml
openapi: 3.0.0
info:
  title: Enterprise API
  version: 1.0.0
paths:
  /users/profile:
    get:
      summary: Get user profile
      security:
        - BearerAuth: []
      parameters:
        - name: Authorization
          in: header
          schema:
            type: string
            example: "{{req.header.authorization}}"
components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
```
</Tab>
<Tab title="cURL Commands">
Convert your existing cURL commands directly into MCP tools.
```bash
curl -X GET "https://api.company.com/users/profile" \
  -H "Authorization: {{req.header.authorization}}" \
  -H "Content-Type: application/json"
```
</Tab>
<Tab title="Built-in UI">
Use Bifrost's intuitive UI to manually configure your API endpoints with the same ease as Postman.
1. Set HTTP method and URL
2. Configure headers with variable substitution
3. Define request body (if needed)
4. Test the endpoint
5. Deploy as MCP tool
</Tab>
</Tabs>
## What Happens Next
Once you upload your API specifications, Bifrost automatically:
- **Syncs authentication systems** from your existing APIs
- **Converts endpoints** into MCP-compatible tools
- **Maintains security** using your current auth infrastructure
- **Makes APIs available** to LLMs instantly
## Supported Authentication Types
Bifrost automatically handles all common authentication patterns:
- **Bearer Tokens** (JWT, OAuth)
- **API Keys** (headers, query parameters)
- **Custom Headers** (tenant IDs, user tokens)
- **Basic Auth** and other standard methods
## Real-World Use Cases
### Enterprise CRM Integration
Transform your Salesforce, HubSpot, or custom CRM APIs:
```json
{
  "name": "Get Customer Data",
  "method": "GET",
  "url": "https://api.company.com/crm/customers/{{req.body.customer_id}}",
  "headers": {
    "Authorization": "{{req.header.authorization}}",
    "X-Tenant-ID": "{{req.header.x-tenant-id}}"
  }
}
```
### Internal Microservices
Make your internal microservices LLM-accessible:
```yaml
paths:
  /internal/user-service/profile:
    get:
      parameters:
        - name: Authorization
          in: header
          schema:
            type: string
            default: "{{req.header.authorization}}"
        - name: X-Service-Token
          in: header
          schema:
            type: string
            default: "{{env.INTERNAL_SERVICE_TOKEN}}"
```
### Database APIs
Connect to your database APIs securely:
```http
POST https://db-api.company.com/query
Content-Type: application/json
Authorization: {{req.header.authorization}}
X-Database-Name: {{req.header.x-database}}

{
  "query": "SELECT * FROM users WHERE tenant_id = '{{req.body.tenant_id}}'",
  "limit": 100
}
```
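The templates above draw values from three sources: `req.header.*`, `req.body.*` and `env.*`. The audit script below is an added example, not part of Bifrost or of this page's original code, and it reports placements worth reviewing before a definition is imported. It assumes tool definitions shaped like the CRM JSON above (the `body` key and the sample dictionaries are constructed), that `req.body.*` values arrive with the tool call, and that `env.*` values are the same for every caller.

```python
import re

# Placeholder syntax as used in this page's examples: {{req.header.x}}, {{req.body.x}}, {{env.X}}
PLACEHOLDER = re.compile(r"\{\{\s*(req\.header|req\.body|env)\.([A-Za-z0-9_-]+)\s*\}\}")
SQL_VERB = re.compile(r"\b(select|insert|update|delete)\b", re.IGNORECASE)

def walk(node, path=""):
    """Yield (location, text) for every string value in a nested tool definition."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node

def audit(tool):
    """Return sorted (location, placeholder, finding) tuples for placements to review."""
    findings = []
    for location, text in walk(tool):
        for source, name in PLACEHOLDER.findall(text):
            ref = f"{source}.{name}"
            if source == "req.body" and SQL_VERB.search(text):
                findings.append((location, ref, "body value interpolated into SQL text"))
            if source == "req.body" and "tenant" in name.lower():
                findings.append((location, ref, "tenant selector taken from request body"))
            if source == "env":
                findings.append((location, ref, "static credential, identical for all callers"))
    return sorted(findings)

# Constructed sample definitions mirroring the three use cases on this page.
CRM_TOOL = {"name": "Get Customer Data", "method": "GET",
            "url": "https://api.company.com/crm/customers/{{req.body.customer_id}}",
            "headers": {"Authorization": "{{req.header.authorization}}",
                        "X-Tenant-ID": "{{req.header.x-tenant-id}}"}}
SVC_TOOL = {"name": "Get Profile", "method": "GET",
            "headers": {"Authorization": "{{req.header.authorization}}",
                        "X-Service-Token": "{{env.INTERNAL_SERVICE_TOKEN}}"}}
DB_TOOL = {"name": "Run Query", "method": "POST", "url": "https://db-api.company.com/query",
           "headers": {"X-Database-Name": "{{req.header.x-database}}"},
           "body": {"query": "SELECT * FROM users WHERE tenant_id = '{{req.body.tenant_id}}'",
                    "limit": 100}}

if __name__ == "__main__":
    for tool in (CRM_TOOL, SVC_TOOL, DB_TOOL):
        for location, ref, finding in audit(tool):
            print(f"{tool['name']}: {location} <- {ref}: {finding}")
```

Of the three samples, only the CRM definition produces no findings: its tenant header is taken from `req.header.*`, whereas the database query takes `tenant_id` from `req.body.*`.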
## Security Benefits
### 1. **Zero Trust Architecture**
- Authentication happens at the edge (your existing systems)
- Bifrost never stores or caches authentication credentials
- Each request is authenticated independently
### 2. **Existing Security Policies**
- Leverage your current RBAC (Role-Based Access Control)
- Maintain existing audit trails
- No changes to security infrastructure required
### 3. **Granular Access Control**
- Different users get different API access based on their credentials
- Tenant isolation maintained through existing headers
- API rate limiting and quotas preserved
### 4. **Compliance Friendly**
- Bifrost does not permanently retain sensitive data that passes through it
- Existing compliance frameworks remain intact
- Audit trails maintained in your systems