MCPX_HTTP_401

Severity: error Domain: HTTP

What happened

The upstream MCP server returned 401 Unauthorized. mcpproxy either had no credentials, or the credentials it presented were rejected.

Common causes

• No OAuth token has been obtained yet for this server.
• The OAuth access token expired and the refresh path also failed (see MCPX_OAUTH_REFRESH_EXPIRED / MCPX_OAUTH_REFRESH_403).
• A static bearer token in headers was rotated server-side.
• The Authorization header is being stripped by an intermediary proxy.

How to fix

Re-authenticate via OAuth

mcpproxy upstream login <server-name>

Or click Log in again on the server's web UI page.

Refresh static credentials

If the server uses a static API token (e.g. headers.Authorization: Bearer …), generate a new token in that vendor's console and update the upstream config:

{ "headers": { "Authorization": "Bearer <new-token>" } }

Then restart that single server: mcpproxy upstream restart <server-name>.

Confirm the token is sent

mcpproxy activity list --request-id <id>          # locate the failing call

The activity record includes the request ID and (redacted) headers.

Related

• OAuth Authentication
• MCPX_HTTP_403 — authenticated but lacks permission