Add a tool by using an existing custom connector (AB-620 Exam Prep)

This post is a part of the AB-620: Designing and Building Integrated AI Agent Solutions in Copilot Studio Exam Prep Hub.
This topic falls under these sections:
Integrate and extend agents in Copilot Studio (40–45%)
   --> Add tools to agents
      --> Add a tool by using an existing custom connector


Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.

What is a Custom Connector?

A custom connector is a reusable connector created within the Microsoft Power Platform that exposes one or more APIs as actions that Power Apps, Power Automate, Copilot Studio, and other services can use.

Instead of writing HTTP requests directly into every application, developers encapsulate API definitions into a connector.

The connector becomes a reusable enterprise asset.

Examples include:

  • Internal HR system
  • Inventory management API
  • Legacy ERP
  • Manufacturing execution system
  • Banking platform
  • Insurance claims system
  • Internal CRM
  • Proprietary AI service

Why Use an Existing Custom Connector?

Many organizations already have custom connectors built for:

  • Power Apps
  • Power Automate
  • Logic Apps
  • Internal automation

Instead of recreating integrations, Copilot Studio can reuse them.

Benefits include:

  • Less development effort
  • Consistent API usage
  • Centralized maintenance
  • Shared authentication
  • Governance
  • Reduced duplication

Standard Connectors vs Custom Connectors

Standard ConnectorCustom Connector
Built by Microsoft or partnerBuilt by organization
Supports common SaaS productsSupports proprietary systems
Automatically maintainedOrganization maintains it
Limited to supported servicesCan connect to virtually any REST API
Examples: Outlook, SharePointExample: Internal Payroll API

How Custom Connectors Work

The architecture typically looks like:

User
Copilot Studio Agent
Tool
Custom Connector
REST API
Enterprise System

The connector translates:

  • Authentication
  • Request formatting
  • Parameter validation
  • Response parsing

into reusable actions.


Typical Enterprise Scenario

A company has an internal warranty database.

The API already exists.

Power Platform administrators previously created a custom connector.

The Copilot Studio agent simply calls the connector instead of directly calling the API.

This avoids:

  • duplicate coding
  • duplicated authentication
  • inconsistent API calls

Components of a Custom Connector

A connector typically includes:

General Information

  • Name
  • Description
  • Icon
  • Host URL

Security Definition

Authentication type

Examples:

  • OAuth 2.0
  • API Key
  • Microsoft Entra ID
  • Basic Authentication

API Definition

Defines:

  • Actions
  • Parameters
  • Request body
  • Responses

Policies

Optional transformations including:

  • Header injection
  • URL rewriting
  • Request modifications
  • Response modifications

Authentication Methods

One of the most important exam topics.

OAuth 2.0

Most common.

Suitable for:

  • Microsoft Graph
  • Enterprise APIs
  • Cloud applications

Benefits:

  • Secure
  • Token-based
  • Supports delegated permissions

API Key

Common for:

  • Third-party services
  • AI APIs
  • Internal APIs

The connector automatically sends the key.


Microsoft Entra ID

Often used for internal enterprise APIs.

Advantages:

  • Central identity management
  • Role-based access
  • Conditional Access
  • Single Sign-On

Basic Authentication

Supported but generally discouraged for production workloads.

Used mainly with legacy systems.


Adding an Existing Custom Connector as a Tool

Typical process:

  1. Open the agent.
  2. Navigate to Tools.
  3. Select Add Tool.
  4. Choose Existing Custom Connector.
  5. Select the connector.
  6. Select one or more operations.
  7. Configure parameters.
  8. Save.

The agent can now invoke the connector during conversations.


Choosing Operations

One connector may expose many actions.

Example:

Inventory Connector

  • Get Product
  • Update Inventory
  • Reserve Inventory
  • Cancel Reservation
  • Check Warehouse
  • Retrieve Supplier

The agent only needs the operations relevant to its purpose.

Selecting unnecessary operations increases complexity and expands the agent’s available actions beyond what is needed.


Designing Good Operations

Operations should be:

  • Focused
  • Reusable
  • Well documented
  • Clearly named

Good examples:

  • GetCustomer
  • CreateOrder
  • SubmitExpense
  • LookupPolicy

Poor examples:

  • ExecuteProcess1
  • ActionA
  • TestEndpoint

Configuring Parameters

Most operations require parameters.

Example:

GetCustomer
CustomerID

or

CreateTicket
Title
Priority
Description

Copilot Studio maps conversation data into these parameters.


Required vs Optional Parameters

Understand the distinction.

Required:

The action cannot execute without them.

Optional:

Improve results but are not mandatory.

Example:

Required

  • Order Number

Optional

  • Customer Email

Input Mapping

Inputs can come from:

  • User messages
  • Variables
  • Previous tool outputs
  • System variables
  • AI extracted entities

Example:

User:

Where is order 10245?

Extract:

Order Number

Connector:

GetOrderStatus(10245)


Output Mapping

Connector responses become variables.

Example:

API returns:

Customer Name
Order Status
Shipping Date

The agent can then:

  • respond to the user
  • populate Adaptive Cards
  • call another tool
  • make decisions
  • branch within a topic

Working with JSON Responses

Many APIs return JSON.

Example:

{
"customer":"John Smith",
"status":"Processing",
"shipDate":"2026-08-15"
}

Copilot Studio extracts individual properties for later use.


Security Considerations

Microsoft recommends granting only the permissions the connector actually requires.

Follow the principle of least privilege.

Avoid connectors with unnecessary administrative permissions.


Governance

Administrators should:

  • Review connector ownership.
  • Approve enterprise connectors.
  • Monitor usage.
  • Enforce Data Loss Prevention (DLP) policies.
  • Control environment access.
  • Audit authentication methods.
  • Review connector updates before deployment.

Best Practices

Reuse Existing Connectors

Avoid building duplicate connectors.


Keep Operations Small

Small operations are easier to test.


Use Descriptive Names

Helps AI select the correct tool.


Secure Authentication

Prefer:

  • OAuth
  • Microsoft Entra ID

Avoid hard-coded credentials.


Validate Inputs

Prevent invalid requests before invoking APIs.


Return Structured Responses

Predictable JSON improves downstream processing.


Common Exam Pitfalls

Candidates often confuse:

  • Standard connectors
  • Power Platform connectors
  • Custom connectors
  • REST API tools
  • MCP tools

Remember:

  • Standard connectors are Microsoft-provided.
  • Power Platform connectors include both standard and custom connectors available within the Power Platform ecosystem.
  • Custom connectors wrap your own APIs into reusable connector definitions.
  • REST API tools call APIs directly from the agent without requiring a custom connector.
  • MCP tools connect to capabilities exposed through the Model Context Protocol, enabling standardized interaction with external tools and services.

Being able to choose the most appropriate integration option for a given scenario is a key skill measured on the AB-620 exam.


Quick Orientation Summary

In the topics above, you learned what custom connectors are, how they differ from standard connectors, how to configure them as agent tools, and how authentication, parameters, and outputs work.

The topics below focus on the advanced knowledge expected for the AB-620 certification exam.


Advanced Configuration

Once a custom connector has been added to an agent, developers should configure it so that it behaves predictably during conversations.

Important considerations include:

  • Selecting only the operations the agent requires
  • Mapping variables correctly
  • Providing descriptive action names
  • Validating required inputs
  • Handling null values
  • Returning structured outputs

A well-configured connector is easier for the AI orchestrator to select appropriately and reduces the likelihood of incorrect tool invocation.


Designing Agent-Friendly Connectors

Although a connector may expose dozens of operations, not all of them should necessarily be available to an agent.

Good practice includes:

  • Separate read operations from update operations.
  • Expose only business-relevant actions.
  • Avoid administrative functions unless necessary.
  • Keep operations focused on a single task.
  • Use clear operation descriptions.

Example:

Instead of:

  • ExecuteAPI

Use:

  • GetCustomerOrders
  • CreateSupportTicket
  • UpdateDeliveryAddress

This improves the agent’s ability to determine when to invoke each action.


Variable Mapping Best Practices

Variables often originate from:

  • User input
  • Previous topic variables
  • Generative AI extraction
  • Other tools
  • Adaptive Card submissions

Example workflow:

User:

I need the warranty information for product 45831.

Conversation variable:

ProductID = 45831

Connector action:

GetWarranty(ProductID)

Connector response:

WarrantyStatus
ExpirationDate
CoverageType

These outputs become new variables that the agent can reference later in the conversation.


Chaining Multiple Tools

A single conversation often involves multiple tools working together.

Example:

Step 1

Retrieve customer information.

Step 2

Retrieve active orders.

Step 3

Retrieve shipping status.

Step 4

Generate natural-language response.

Rather than creating one large API, smaller reusable operations simplify maintenance and improve reliability.


Error Handling

Enterprise systems occasionally fail.

Possible causes include:

  • Invalid parameters
  • Expired authentication
  • Network interruptions
  • Service outages
  • Rate limiting
  • Missing permissions

Agents should be designed to recover gracefully whenever possible.


Common Error Responses

Examples include:

400 Bad Request

Incorrect input.

Example:

Customer ID contains invalid characters.


401 Unauthorized

Authentication failed.

Possible causes:

  • Expired token
  • Invalid credentials
  • Missing authentication

403 Forbidden

User is authenticated but lacks permission.


404 Not Found

Requested resource does not exist.


429 Too Many Requests

API rate limit exceeded.


500 Internal Server Error

Unexpected server-side failure.


Designing Friendly Error Messages

Avoid exposing raw API errors to end users.

Instead of:

Error 500

Use:

I couldn’t retrieve your information right now. Please try again in a few minutes.

This provides a better user experience while avoiding disclosure of unnecessary technical details.


Performance Optimization

Large enterprise APIs can affect conversation speed.

Microsoft recommends:

  • Return only required fields.
  • Reduce payload sizes.
  • Limit unnecessary API calls.
  • Cache frequently used information when appropriate.
  • Break large operations into smaller reusable actions.

Security Best Practices

Security is frequently tested on the AB-620 exam.

Recommendations include:

Principle of Least Privilege

Grant only the permissions required.

Example:

Instead of granting:

Customer.ReadWrite.All

Grant:

Customer.Read

if the agent only retrieves customer information.


Secure Authentication

Preferred methods:

  • Microsoft Entra ID
  • OAuth 2.0
  • Managed identity (where applicable)

Avoid embedding secrets directly in connector definitions whenever possible.


Protect Sensitive Data

Avoid returning:

  • Passwords
  • Authentication tokens
  • Social Security numbers
  • Credit card numbers
  • Personally identifiable information (PII) unless absolutely required

Return only the data necessary for the conversation.


Monitoring Connector Usage

Administrators should monitor:

  • Successful executions
  • Failed executions
  • Authentication failures
  • API latency
  • Usage frequency
  • User activity
  • Connector health

Monitoring helps identify bottlenecks and troubleshoot production issues.


Logging

Logging is useful for:

  • Diagnosing failures
  • Auditing requests
  • Measuring adoption
  • Identifying slow operations
  • Supporting compliance requirements

However, avoid logging confidential user information unnecessarily.


Versioning Connectors

Enterprise APIs evolve over time.

Best practices include:

  • Version APIs
  • Test new versions before deployment
  • Avoid breaking changes
  • Maintain backward compatibility where practical
  • Update agents after connector changes

Enterprise Scenario 1

A healthcare organization exposes a patient scheduling API through a custom connector.

The agent can:

  • Find appointments
  • Schedule visits
  • Cancel appointments
  • Check physician availability

Authentication uses Microsoft Entra ID.

Only authorized staff members can invoke scheduling operations.


Enterprise Scenario 2

A manufacturing company exposes inventory services.

Operations include:

  • Check inventory
  • Reserve inventory
  • Release reservation
  • Find warehouse

The Copilot agent helps warehouse employees without requiring them to open multiple applications.


Enterprise Scenario 3

An insurance company exposes claim-processing APIs.

The connector allows the agent to:

  • Retrieve claim status
  • Submit documentation
  • Update claimant information
  • Schedule inspections

Because the connector already exists for Power Automate workflows, the same connector can be reused within Copilot Studio.


Comparing Integration Options

FeatureStandard ConnectorCustom ConnectorREST API ToolMCP Tool
Microsoft-managedYesNoNoDepends
Organization-createdNoYesNoSometimes
Requires API definitionNoYesYesYes
Reusable across Power PlatformYesYesNoVaries
Direct API callsNoIndirectYesVia MCP server
Best for enterprise reuseModerateExcellentModerateExcellent for standardized AI tool ecosystems

When to Choose an Existing Custom Connector

Use an existing custom connector when:

  • The organization already has one.
  • The API is used by multiple Power Platform solutions.
  • Authentication has already been configured.
  • Governance requirements already exist.
  • Multiple applications share the same integration.

When a REST API Tool May Be Better

A REST API tool may be preferable when:

  • Only one API operation is needed.
  • No connector currently exists.
  • Rapid prototyping is desired.
  • Reusability across the Power Platform is not required.

More AB-620 Exam Tips

Remember these key points:

  • Existing custom connectors promote reuse across the Power Platform.
  • Connectors encapsulate authentication and API definitions.
  • Use least-privilege permissions.
  • Select only the operations needed by the agent.
  • Map variables carefully between conversations and connector inputs.
  • Handle API failures gracefully.
  • Monitor connector performance and usage.
  • Use descriptive operation names.
  • Reuse existing connectors instead of duplicating integrations.
  • Understand when a custom connector is preferable to a REST API tool or MCP tool.

Practice Exam Questions

Question 1

An organization has already created a custom connector for its internal ERP system. A Copilot Studio developer needs to enable agents to retrieve inventory information.

What is the best approach?

A. Create a new REST API tool that duplicates the ERP functionality.

B. Reuse the existing custom connector.

C. Build a Power Automate flow that manually calls the API.

D. Export the connector as an Adaptive Card.

Answer: B

Explanation: Existing custom connectors should be reused whenever possible because they already encapsulate authentication, API definitions, governance, and maintenance.


Question 2

Which authentication method is generally recommended for enterprise APIs secured by Microsoft identity services?

A. Anonymous authentication

B. API key only

C. Microsoft Entra ID (OAuth 2.0)

D. Basic Authentication

Answer: C

Explanation: Microsoft Entra ID with OAuth 2.0 provides secure, centralized identity management, token-based authentication, and integration with enterprise security controls.


Question 3

A connector exposes twenty operations, but an agent only needs two of them.

What is the recommended design?

A. Enable all operations.

B. Create duplicate connectors.

C. Expose only the required operations.

D. Disable authentication.

Answer: C

Explanation: Limiting available operations simplifies agent behavior, improves security, and reduces unnecessary complexity.


Question 4

Which HTTP response code typically indicates that authentication has failed?

A. 404

B. 429

C. 500

D. 401

Answer: D

Explanation: A 401 Unauthorized response indicates that authentication credentials are missing, invalid, or expired.


Question 5

Why should connector operations have descriptive names?

A. They reduce API latency.

B. They improve AI tool selection and maintainability.

C. They eliminate authentication requirements.

D. They automatically optimize API performance.

Answer: B

Explanation: Clear operation names help both developers and AI orchestration determine the appropriate action to invoke.


Question 6

A connector returns customer name, address, loyalty status, and internal audit history. The agent only needs the customer’s loyalty status.

What is the best practice?

A. Return every field.

B. Add more connector actions.

C. Return only the required data.

D. Disable response parsing.

Answer: C

Explanation: Returning only the necessary data reduces payload size, improves performance, and minimizes exposure of unnecessary information.


Question 7

Which practice best supports enterprise security?

A. Embed administrator passwords in the connector.

B. Grant every available permission.

C. Use anonymous access.

D. Apply the principle of least privilege.

Answer: D

Explanation: Least privilege limits permissions to only those required, reducing security risks and supporting compliance.


Question 8

What is a primary advantage of using an existing custom connector instead of recreating the same integration?

A. It automatically removes authentication.

B. It eliminates API documentation.

C. It promotes reuse, governance, and centralized maintenance.

D. It guarantees faster API responses.

Answer: C

Explanation: Existing custom connectors provide reusable, centrally managed integrations that can be shared across Power Platform solutions.


Question 9

During execution, an API returns HTTP 429.

What does this typically indicate?

A. The requested resource was not found.

B. The request exceeded the service’s rate limit.

C. Authentication failed.

D. The connector is incorrectly configured.

Answer: B

Explanation: HTTP 429 indicates that too many requests have been sent in a given period, triggering rate limiting.


Question 10

When should a developer consider using an existing custom connector instead of creating a direct REST API tool?

A. When the organization already maintains the connector for multiple Power Platform solutions.

B. When no reusable integration exists.

C. Only during testing.

D. Only for public APIs.

Answer: A

Explanation: Reusing an existing custom connector leverages established authentication, governance, maintenance, and reusability across multiple applications, making it the preferred approach when such a connector already exists.


AB-620 Exam Summary

For the exam, remember these key takeaways:

  • Custom connectors encapsulate APIs into reusable Power Platform components.
  • Existing custom connectors should generally be reused instead of creating duplicate integrations.
  • Configure only the operations an agent requires.
  • Use secure authentication methods such as Microsoft Entra ID and OAuth 2.0.
  • Apply least-privilege security principles.
  • Map conversation variables carefully to connector inputs and outputs.
  • Handle API errors gracefully with user-friendly messages.
  • Monitor connector health, performance, and usage.
  • Understand when to use custom connectors versus REST API tools and MCP tools based on governance, reuse, and integration requirements.

Go to the AB-620 Exam Prep Hub main page