Bulk imports refresh tokens. This request performs minimal validation and runs batch inserts of refresh tokens with the expectation that each token represents a user that already exists and is registered for the corresponding FusionAuth Application. This is done to increases the insert performanc...
Handles credentials or secrets (requestBody.refreshTokens[].token); High parameter count (20 properties)
Part of the Mcp Api MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents use importRefreshTokensWithId to create or modify resources in Mcp Api. Write operations carry medium risk because an autonomous agent could trigger bulk unintended modifications. Rate limits prevent a single agent session from making hundreds of changes in rapid succession. Argument validation ensures the agent passes expected values.
Without a policy, an AI agent could call importRefreshTokensWithId repeatedly, creating or modifying resources faster than any human could review. Intercept's rate limiting ensures write operations happen at a controlled pace, and argument validation catches malformed or unexpected inputs before they reach Mcp Api.
Write tools can modify data. A rate limit prevents runaway bulk operations from AI agents.
tools:
importRefreshTokensWithId:
rules:
- action: allow
rate_limit:
max: 30
window: 60See the full Mcp Api policy for all 310 tools.
Bulk imports refresh tokens. This request performs minimal validation and runs batch inserts of refresh tokens with the expectation that each token represents a user that already exists and is registered for the corresponding FusionAuth Application. This is done to increases the insert performance. Therefore, if you encounter an error due to a database key violation, the response will likely offer a generic explanation. If you encounter an error, you may optionally enable additional validation to receive a JSON response body with specific validation errors. This will slow the request down but will allow you to identify the cause of the failure. See the validateDbConstraints request parameter.. It is categorised as a Write tool in the Mcp Api MCP Server, which means it can create or modify data. Consider rate limits to prevent runaway writes.
Add a rule in your Intercept YAML policy under the tools section for importRefreshTokensWithId. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Mcp Api MCP server.
importRefreshTokensWithId is a Write tool with medium risk. Write tools should be rate-limited to prevent accidental bulk modifications.
Yes. Add a rate_limit block to the importRefreshTokensWithId rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for importRefreshTokensWithId. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
importRefreshTokensWithId is provided by the Mcp Api MCP server (@fusionauth/mcp-api). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept