web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
šŸš€ Season of Sharing Community Challenge Launch!
Ask A Community Pro - Series II
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Copilot Studio / MCP Tool Issue with AP...
Copilot Studio
Answered

MCP Tool Issue with API Key Authorization

(1) ShareShare
ReportReport
Posted on by AA-29041637-0 6

Hi,

Iā€™m trying to add a Vendor MCP server to Copilot Studio.

What works:


  • MCP server can be added with an Agent -> Tools

  • API key connection is created successfully

  • Header name is Authorization, value is Bearer <key>


    •  

What doesnā€™t:


  • After saving the connection, Copilot Studio fails to load tools

  • I get ā€œConnector request failed / couldnā€™t retrieve resourceā€

  • Error shown is a JSONā€‘RPC -32603 internal error

  • Result: no tools available

  • See error attached

This is a vendorā€‘managed MCP server. We donā€™t host or configure it ā€” we just enable it and use the API key they provide.

It looks like Copilot Studio tries to read the MCP schema before authentication, but this MCP server requires auth for schema access. The connection itself works, but tool discovery fails right after.

Categories:
Model context protocol
I have the same question (0)
  • Verified answer
    Nivedipa-MSFT Profile Picture
    Nivedipa-MSFT Microsoft Employee on at
    Hello AA-29041637-0,

    Encountering a -32603 error on tools/list right after a successful connection typically points to one of three causes:

    1. Copilot Studio may not be sending the Authorization header during the discovery call. While the header is included on invocation, it might be missing on initialize/tools/list, especially when using SSE. Consider using the vendorā€™s streamable HTTP endpoint instead of SSE, or try /mcp instead of /sse.
    2. The server may require authentication on the SSE GET and could return a 500 error rather than a 401. This would need to be addressed by the vendor.
    3. The server might require OAuth 2.1, and the API key option is only valid for CLI clients. In this case, update your connector to use OAuth 2.0 with the appropriate auth/token URLs from the vendor rather than an API key.

    Quick 5-minute check ā€” run this from your machine using the same key:

    curl -X POST https://<vendor>/mcp \
      -H "Authorization: Bearer <key>" \
      -H "Content-Type: application/json" \
      -H "Accept: application/json, text/event-stream" \
      -d '{"jsonrpc":"2.0","id":1,"method":"tools/list"}'

    • If it works, the issue is with Copilot Studio; try changing the transport and notify Microsoft and the vendor.
    • If you get a 401, the API key isnā€™t truly supported, so OAuth is required.
    • If you see the same -32603, itā€™s a server-side problem; share the request/response with the vendor.

    Additional things to check: Make sure thereā€™s no trailing whitespace in the key, the Bearer prefix is correct, no egress proxy is removing the Authorization header, and the Copilot Studio environment region matches the vendor endpoint.

    Be aware of: API key storage (Key Vault), Recurrence time zone (defaults to UTC), and the premium HTTP connector. If you donā€™t have access to the premium connector, consider calling the API from an Azure Function and triggering the flow from there.

  • Verified answer
    Valantis Profile Picture
    Valantis 6,216 on at
     
    The answer above steps are spot on. One confirmed thing from Microsoft docs worth highlighting for your situation:

    Copilot Studio no longer supports SSE transport for MCP after August 2025. If your vendor's MCP server is using an SSE endpoint (/sse), that is confirmed to not work in Copilot Studio regardless of authentication. The supported transport is streamable HTTP. Ask your vendor if they expose a streamable HTTP endpoint (typically /mcp) and use that URL instead.

    If the vendor only has SSE and won't add streamable HTTP, this is a blocker that needs to go back to them Copilot Studio won't support it.
    Ref: https://learn.microsoft.com/en-us/microsoft-copilot-studio/mcp-add-existing-server-to-agent
     

     

    Best regards,

    Valantis

     

    āœ… If this helped solve your issue, please Accept as Solution so others can find it quickly.

    ā¤ļø If it didnā€™t fully solve it but was still useful, please click ā€œYesā€ on ā€œWas this reply helpful?ā€ or leave a Like :).

    🏷ļø For follow-ups  @Valantis.

    📝 https://valantisond365.com/

    💼 LinkedIn

    ā–¶ļø YouTube

  • Nivedipa-MSFT Profile Picture
    Nivedipa-MSFT Microsoft Employee on at
    Hello AA-29041637-0,
    If you found the information above helpful, I would appreciate it if you could share your feedback.
    Your feedback is important to us. Please rate us:

    🤩 Excellent 🙂 Good 😐 Average 🙁 Needs Improvement 😠 Poor

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
šŸš€ Season of Sharing Community Challenge Launch!
Ask A Community Pro - Series II

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Copilot Studio

#1
Valantis Profile Picture

Valantis 256

#2
Romain The Low-Code Bearded Bear Profile Picture

Romain The Low-Code... 208 Super User 2026 Season 1

#3
Vish WR Profile Picture

Vish WR 198

Last 30 days Overall leaderboard

Featured topics

Announcing the "Microsoft Copilot Studio ā¤ļø MCP" lab
Block PII/PCI in Copilot Studio agent user prompt

Product updates

Microsoft Power Platform Community release plans