The server must be a remote endpoint that speaks Streamable HTTP MCP (for example
https://api.example.com/mcp). Spojit discovers the tool list live from the server, so it always reflects the server’s current state.Add a custom server
Enter the basics
- Name: a label to identify this server, for example
Internal CRM MCP. - Server URL: the full MCP endpoint, for example
https://api.example.com/mcp. - Icon URL (optional): an
https://image URL to show as the connection’s icon.
Choose an authentication mode
Pick None, Token, or OAuth 2.0 depending on what the server requires. See Authentication modes below.
Authentication modes
Custom servers support three modes. Check the server’s own documentation for which one it expects.None
For public servers, or servers that authenticate at the network boundary (VPN, mutual TLS). Some servers accept a key directly in the URL query string, in which case no separate credential is needed.Token (header)
Spojit sends a token on a header with every request. In the dialog, turn on Requires authentication and set:- Token: the secret value, stored securely (never shown again after saving).
- Header name: default
Authorization. - Prefix: default
Bearer.
Authorization: Bearer <token>. For an API-key header such as X-API-Key, set the header name and clear the prefix.
OAuth 2.0 (bring your own app)
For servers backed by a standard OAuth provider, where an access token authorizes the server. You supply your own OAuth app’s details:Fill in the OAuth fields
Choose OAuth 2.0 and enter the Authorization URL, Token URL, Client ID, Client Secret, and Scopes. Under Advanced you can toggle PKCE and switch client authentication between POST body and Basic header.
Use a custom server in a workflow
Once the connection exists, add it to a workflow:Pick it under Custom Servers
Custom servers appear in their own Custom Servers section at the top of the picker. Select yours.
Edit or reconnect
Use the Configure button on the connection to change the name, URL, icon, or auth. For a token connection, leave the token blank to keep the current one; for OAuth, leave the client secret blank to keep it, or enter a new one to rotate it. Use Reconnect to re-run the OAuth flow after changing scopes or credentials.Caveats
- Reachable from Spojit: the server URL must be reachable from Spojit’s runtime, not just your machine. Internal-only servers need a VPN or reverse proxy.
- Secrets are stored securely: tokens, client secrets, and OAuth tokens are stored securely and never shown after saving.
- You own the OAuth app: for OAuth mode you create and manage the OAuth application; Spojit only stores the credentials you supply.
- Icons are https only: the optional Icon URL must be an
https://image URL. - Tenant-scoped: a custom server is visible only within your organization. Its visibility (Organization or Private) controls who inside the tenant can see and use it.
Troubleshooting
Cannot reach server
Cannot reach server
Confirm the URL is correct and reachable from Spojit’s runtime. Check that the server is running and responding on the Streamable HTTP MCP endpoint.
Authentication failed
Authentication failed
Verify the token is current and the header name matches what the server expects (for example
Authorization versus X-API-Key). For OAuth, confirm the redirect URI is registered with the provider and the scopes are correct.No tools appear
No tools appear
Confirm the endpoint is an MCP server that returns a tool list. Re-saving the connection re-runs tool discovery, so new tools on the server become available without recreating the connection.