`MCPX_HTTP_401`

Severity: error Domain: HTTP

What happened

The upstream MCP server returned 401 Unauthorized. mcpproxy either had no credentials, or the credentials it presented were rejected.

Common causes

No OAuth token has been obtained yet for this server.
The OAuth access token expired and the refresh path also failed (see MCPX_OAUTH_REFRESH_EXPIRED / MCPX_OAUTH_REFRESH_403).
A static bearer token in headers was rotated server-side.
The Authorization header is being stripped by an intermediary proxy.

How to fix

Re-authenticate via OAuth

mcpproxy upstream login <server-name>

Or click Log in again on the server's web UI page.

Refresh static credentials

If the server uses a static API token (e.g. headers.Authorization: Bearer …), generate a new token in that vendor's console and update the upstream config:

{ "headers": { "Authorization": "Bearer <new-token>" } }

Then restart that single server: mcpproxy upstream restart <server-name>.

Confirm the token is sent

mcpproxy activity list --request-id <id>          # locate the failing call

The activity record includes the request ID and (redacted) headers.

OAuth Authentication
MCPX_HTTP_403 — authenticated but lacks permission

What happened​

Common causes​

How to fix​

Re-authenticate via OAuth​

Refresh static credentials​

Confirm the token is sent​

Related​