| id | MCPX_HTTP_401 |
|---|---|
| title | MCPX_HTTP_401 |
| sidebar_label | HTTP 401 |
| description | The MCP server responded 401 Unauthorized. |
Severity: error Domain: HTTP
The upstream MCP server returned 401 Unauthorized. mcpproxy either had no
credentials, or the credentials it presented were rejected.
- No OAuth token has been obtained yet for this server.
- The OAuth access token expired and the refresh path also failed (see
MCPX_OAUTH_REFRESH_EXPIRED/MCPX_OAUTH_REFRESH_403). - A static bearer token in
headerswas rotated server-side. - The
Authorizationheader is being stripped by an intermediary proxy.
mcpproxy upstream login <server-name>Or click Log in again on the server's web UI page.
If the server uses a static API token (e.g. headers.Authorization: Bearer …),
generate a new token in that vendor's console and update the upstream config:
{ "headers": { "Authorization": "Bearer <new-token>" } }Then restart that single server: mcpproxy upstream restart <server-name>.
mcpproxy activity list --request-id <id> # locate the failing callThe activity record includes the request ID and (redacted) headers.
- OAuth Authentication
MCPX_HTTP_403— authenticated but lacks permission