Folks: We are having issue with MCP servers using openAI. Those that dont need API Key/auth params works but anything needing key is not working for us. Anyone figured out? We tried Stripe and couple others
#MCP with auth params
sage iris
mossy vineBOT
Hi @sage iris. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
If your MCP server works without authentication but fails when you add API key or auth parameters, the most common issue is not passing the required authentication headers correctly in your Responses API request.
To authenticate with most MCP servers (like Stripe), you need to include the appropriate headers (usually an Authorization header) in the tools block of your API call. Here’s an example of how to do this:
{
"model": "gpt-4.1",
"input": "Create a payment link for $20",
"tools": [
{
"type": "mcp",
"server_label": "stripe",
"server_url": "<https://mcp.stripe.com",>
"headers": {
"Authorization": "Bearer $STRIPE_API_KEY"
}
}
]
}
Make sure:
- The
headersobject is included inside the MCP tool definition. - The API key or token is valid and has the necessary permissions.
- You send the full
server_urland theheaderswith every Responses API request, as OpenAI does not store these values between requests for security reasons.
If you omit the headers or misplace them, the MCP server will reject the request due to missing authentication, which matches the issue you’re describing. Also, ensure you’re not accidentally exposing your API keys, and that you’re using the correct key for the service you’re connecting to.
For more details and code samples, see the Remote MCP Authentication documentation.
If you’re still having trouble after following this pattern, double-check the MCP server’s documentation for any additional authentication requirements or header formats. If the problem persists, it may be a server-specific issue or a misconfiguration on the MCP server side.
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
sage iris
@mossy vine what about for the MCP servers that need auth token
mossy vineBOT
Let me check the knowledge base for you again. One moment! :books:
For MCP servers that require an auth token, you need to include the appropriate authentication headers (such as an Authorization header with your token) in the headers field of the MCP tool definition in your Responses API request. Here’s how you do it:
{
"model": "gpt-4.1",
"input": "Create a payment link for $20",
"tools": [
{
"type": "mcp",
"server_label": "stripe",
"server_url": "<https://mcp.stripe.com",>
"headers": {
"Authorization": "Bearer $STRIPE_API_KEY"
}
}
]
}
- The
headersobject should contain your auth token or API key as required by the MCP server. - You must include the full
server_urland theheadersin every API request, as OpenAI does not store these values for you. - The most common header is
Authorization, but you should use whatever the MCP server requires.
This approach is documented in the Remote MCP Authentication guide. If you follow this pattern and still encounter issues, double-check the token format and the MCP server’s requirements.
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
sage iris
No...if it requires oauth and tokens are issues on the fly @mossy vine
mossy vineBOT
Let me check the knowledge base for you again. One moment! :books:
If your MCP server requires OAuth and issues tokens dynamically (i.e., users must go through an OAuth flow to obtain an access token), the process is different from simply passing a static API key in the headers.
How it works:
- When you connect a remote MCP server that uses OAuth in ChatGPT, users will be prompted to complete an OAuth flow to your application. This is supported by OpenAI’s platform, and is the recommended approach for secure, user-specific authentication.
- After connecting, the user will see a "Sign in to [your app]" button in the ChatGPT UI. Upon successful authentication, ChatGPT will handle the token exchange and include the access token in the
Authorizationheader for subsequent tool calls to your MCP server. - As the MCP server developer, you should implement OAuth and (optionally) dynamic client registration as described in the OpenAI documentation. The protocol is detailed further in the MCP user guide.
Key points:
- You do not manually pass the token in the API call; the OAuth flow is handled by ChatGPT and the user.
- Your MCP server must support OAuth, and you must register the correct callback/redirect URLs as required by OpenAI (e.g.,
<https://chat.openai.com/aip/{g-YOUR-GPT-ID-HERE}/oauth/callback>) see details here. - After the user authenticates, ChatGPT will automatically include the access token in the
Authorizationheader for requests to your MCP server.
Reference:
"As someone building a custom remote MCP server, authorization and authentication help you protect your data. We recommend using OAuth and dynamic client registration... After connecting your custom remote MCP server in ChatGPT, users in your workspace will get an OAuth flow to your application."
Build an MCP server – Handle authentication
If you are having issues, double-check that:
- Your OAuth endpoints are correctly implemented and accessible.
- The callback URL is registered and matches what OpenAI provides.
- Your server issues tokens as expected and supports the required OAuth flows.
If you need more implementation details, see the OpenAI Actions OAuth documentation.
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
sage iris
@mossy vine can MCP server be used as a function call within the context of openai assistant
mossy vineBOT
Let me check the knowledge base for you again. One moment! :books:
Yes, an MCP server can be used as a function call within the context of OpenAI Assistants, but with some important clarifications:
-
In the OpenAI platform, MCP servers are exposed to models as tools. When you configure an Assistant (or use the Responses API), you can add a remote MCP server as a tool. The model will then be able to "call" the tools exposed by that MCP server as if they were functions, using the standard function calling interface. This allows the model to invoke external capabilities or fetch data via the MCP protocol, just like it would with a custom function or other built-in tools. The MCP tool is available in the Responses API and is supported across new models like GPT-4o and GPT-4.1 Remote MCP Guide.
-
How it works: When you attach a remote MCP server to the
toolsarray in your API request, the model imports the tool definitions from the server. The model can then decide to call these tools as needed, and each invocation is handled as a function call, with arguments and outputs managed in the model's context Step 2: Calling tools. -
In the Assistants API: While the documentation primarily details MCP tool usage in the Responses API, the underlying mechanism is the same: the model can call MCP tools as functions, provided they are configured as tools in the Assistant's setup. The MCP tool is not a "function" in the sense of a user-defined function, but it is functionally equivalent from the model's perspective.
Summary:
You can use an MCP server as a function-like tool within OpenAI Assistants by configuring it as a tool. The model will then be able to call the MCP server's tools as function calls during its reasoning process, just like with other tools or functions.