# MCP Server authentication

UiPath MCP Servers require authentication on every HTTP request. There is no session-based authentication carry-forward. Even after an MCP session is established, every subsequent request must include a valid `Authorization: Bearer <token>` header.

The `mcp-session-id` header is for MCP protocol state management only. It is not an authentication mechanism.

## Authentication methods

There are four ways to obtain a token for accessing a UiPath MCP Server:

| Method | Token source | Scopes and permissions required |
| --- | --- | --- |
| [MCP OAuth flow](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-the-mcp-oauth-flow) | Automatic, handled by the IDE | Handled by the discovery flow |
| [Personal access token (PAT)](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-a-personal-access-token) | UiPath Cloud UI | Select `OR.Jobs` and `OR.Execution` from the **Orchestrator API Access** resource. |
| [External application](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-an-external-application) | Admin > External Apps | Configure `OR.Execution` and `OR.Jobs` in the app. At token request time, include `OR.Default` to control routing behavior. |
| [Interactive login (CLI)](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-interactive-login) | `uipath auth` CLI command | Granted automatically during login |

## When to use each method

The right method depends on whether a human is present at sign-in time and whether the MCP Server exposes Integration Service connectors.

| Scenario | Recommended method | Notes |
| --- | --- | --- |
| Using an IDE (VS Code, GitHub Copilot) | [MCP OAuth flow](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-the-mcp-oauth-flow) | The IDE handles discovery, login, and token refresh automatically. Nothing to configure beyond the MCP Server URL. |
| Automated or unattended workloads (CI/CD pipelines, service accounts, microservices, long-running processes) | [External application - application scopes](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-an-external-application#setting-up-application-scope-authentication) | The only method that works without user interaction. Request `OR.Default` for the simplest setup. |
| Connecting from a third-party app (Copilot Studio, ChatGPT) | [External application - user scopes](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-an-external-application#setting-up-user-scope-authentication) | Create a confidential app with user scopes, configure the third-party app's OAuth settings manually, and have the user log in through the app. |
| Building a desktop or mobile MCP client | [External application - non-confidential app with PKCE](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-an-external-application#variant-non-confidential-app-with-pkce) | No client secret can leak, and PKCE protects the authorization code flow. The user logs in through a browser and the app receives a token on their behalf. |
| Developing or testing locally (human present) | [Interactive login (CLI)](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-interactive-login) or [Personal access token](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-a-personal-access-token) | Interactive login requires one command and inherits your folder permissions; tokens last one hour. PATs have a configurable expiration up to one year and work with any HTTP client. |
| MCP Server uses Integration Service activities | [MCP OAuth flow](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-the-mcp-oauth-flow), [Interactive login](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-interactive-login), or [External application - user scopes](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-an-external-application#setting-up-user-scope-authentication) | Integration Service activities require user context. PATs and client credentials connect to the MCP Server, but Integration Service-backed tool calls time out. |

## Common requirements

The following requirements apply regardless of the chosen authentication method.

### Every request must be authenticated

There is no session carry-forward. Every HTTP request must include a valid `Authorization: Bearer <token>` header. The `mcp-session-id` header is for MCP protocol state only.

### URL format

The MCP Server endpoint URL always has the following format:

```
https://cloud.uipath.com/{org}/{tenant}/agenthub_/mcp/{folderKey}/{slug}
```

Where:

* `{org}`: your UiPath organization name
* `{tenant}`: your tenant name
* `{folderKey}`: the folder's GUID (not the folder name or path)
* `{slug}`: the MCP Server's URL slug
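The two requirements above can be enforced in client code. The following is an added example, not UiPath code: `mcp_endpoint`, `McpHttpClient` and the `get_token` callable are hypothetical names, and the GUID is normalized to its canonical hyphenated form as an assumption. It rejects a folder name or path passed as `{folderKey}` and attaches a bearer token to every request it builds, with `mcp-session-id` only ever sent alongside it.

```python
import json
import urllib.request
import uuid
from urllib.parse import quote

BASE_URL = "https://cloud.uipath.com"


def mcp_endpoint(org, tenant, folder_key, slug):
    """Build the endpoint URL, rejecting a folder name or path as folderKey."""
    try:
        folder_guid = str(uuid.UUID(folder_key))  # canonical hyphenated form
    except ValueError:
        raise ValueError("folderKey must be the folder's GUID") from None
    org, tenant, slug = (quote(part, safe="") for part in (org, tenant, slug))
    return f"{BASE_URL}/{org}/{tenant}/agenthub_/mcp/{folder_guid}/{slug}"


class McpHttpClient:
    """Builds requests; the caller sends them and stores the session id."""

    def __init__(self, url, get_token):
        self.url = url
        self.get_token = get_token  # hypothetical callable: returns a current token
        self.session_id = None      # set from the server's mcp-session-id header

    def build_request(self, payload):
        token = self.get_token()    # fetched per request so refreshed tokens are used
        if not token:
            raise RuntimeError("refusing to send an unauthenticated request")
        headers = {
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        }
        if self.session_id:
            # Protocol state only: sent in addition to the bearer token.
            headers["mcp-session-id"] = self.session_id
        body = json.dumps(payload).encode("utf-8")
        return urllib.request.Request(
            self.url, data=body, headers=headers, method="POST"
        )
```
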

### Minimum folder permission

The authenticated identity (user or external app) must have the `MCPServers.View` permission in the folder containing the MCP Server. This permission is included in the **Automation User**, **Automation Developer**, and **Folder Administrator** roles.

### Additional permission for Coded and Command servers

Coded and Command MCP Servers execute Orchestrator jobs. The identity must also have the `Jobs.Create` permission. This permission is included in the **Automation User** and **Automation Developer** roles.

### Integration Service limitation

If the MCP Server exposes tools backed by Integration Service activities, only user-context authentication works ([interactive login](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-interactive-login) or [MCP OAuth flow](https://docs.uipath.com/orchestrator/automation-cloud/latest/user-guide/authenticating-with-the-mcp-oauth-flow)). PATs and external app client credentials connect to the MCP Server, but Integration Service-backed tool calls time out.

### Token validation

UiPath MCP Servers validate tokens using the following schemes, in sequence. The first match wins:

| Scheme | Audience | Used by |
| --- | --- | --- |
| Robot access token | `Orchestrator` | Robot execution tokens |
| Identity OAuth access token | `OrchestratorApiUserAccess` | Interactive login |
| Identity personal access token | `UiPath.Orchestrator` | Personal access tokens, external application tokens, MCP OAuth flow tokens |

All schemes enforce signature validation, issuer validation, audience validation, expiration validation, and partition ID (`prt_id` claim) matching against the organization from the request URL.
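When a request is rejected, a local pre-flight check on the token narrows down which of these validations failed. The following is an added diagnostic example, not UiPath's validation code: it assumes the token is a JWT, takes the expected partition ID from the caller (`expected_prt_id` is a hypothetical parameter), and models only the audience order, expiration and `prt_id` checks. Signature and issuer validation need the issuer's keys and remain with the server.

```python
import base64
import json
import time

# Schemes in the order the page lists them; the first audience match wins.
SCHEMES = [
    ("Robot access token", "Orchestrator"),
    ("Identity OAuth access token", "OrchestratorApiUserAccess"),
    ("Identity personal access token", "UiPath.Orchestrator"),
]


def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def preflight(token, expected_prt_id, now=None):
    """Return (matched scheme or None, list of problems) for a token."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    scheme = next((name for name, a in SCHEMES if a in audiences), None)
    problems = []
    if scheme is None:
        problems.append(f"audience {audiences} matches no scheme")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("token expired or exp claim missing")
    if claims.get("prt_id") != expected_prt_id:
        problems.append("prt_id does not match the expected organization")
    return scheme, problems


def sample_token(claims):
    """Constructed, unsigned sample JWT for trying preflight() offline."""
    def enc(obj):
        raw = json.dumps(obj).encode("utf-8")
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    header = enc({"typ": "JWT"})
    return f"{header}.{enc(claims)}.sig"
```
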
