This post is a part of the AB-620: Designing and Building Integrated AI Agent Solutions in Copilot Studio Exam Prep Hub.
This topic falls under these sections:
Integrate and extend agents in Copilot Studio (40–45%)
--> Add tools to agents
--> Add a tool by using an existing custom connector
Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.
What is a Custom Connector?
A custom connector is a reusable connector created within the Microsoft Power Platform that exposes one or more APIs as actions that Power Apps, Power Automate, Copilot Studio, and other services can use.
Instead of writing HTTP requests directly into every application, developers encapsulate API definitions into a connector.
The connector becomes a reusable enterprise asset.
Examples include:
- Internal HR system
- Inventory management API
- Legacy ERP
- Manufacturing execution system
- Banking platform
- Insurance claims system
- Internal CRM
- Proprietary AI service
Why Use an Existing Custom Connector?
Many organizations already have custom connectors built for:
- Power Apps
- Power Automate
- Logic Apps
- Internal automation
Instead of recreating integrations, Copilot Studio can reuse them.
Benefits include:
- Less development effort
- Consistent API usage
- Centralized maintenance
- Shared authentication
- Governance
- Reduced duplication
Standard Connectors vs Custom Connectors
| Standard Connector | Custom Connector |
|---|---|
| Built by Microsoft or partner | Built by organization |
| Supports common SaaS products | Supports proprietary systems |
| Automatically maintained | Organization maintains it |
| Limited to supported services | Can connect to virtually any REST API |
| Examples: Outlook, SharePoint | Example: Internal Payroll API |
How Custom Connectors Work
The architecture typically looks like:
User↓Copilot Studio Agent↓Tool↓Custom Connector↓REST API↓Enterprise System
The connector translates:
- Authentication
- Request formatting
- Parameter validation
- Response parsing
into reusable actions.
Typical Enterprise Scenario
A company has an internal warranty database.
The API already exists.
Power Platform administrators previously created a custom connector.
The Copilot Studio agent simply calls the connector instead of directly calling the API.
This avoids:
- duplicate coding
- duplicated authentication
- inconsistent API calls
Components of a Custom Connector
A connector typically includes:
General Information
- Name
- Description
- Icon
- Host URL
Security Definition
Authentication type
Examples:
- OAuth 2.0
- API Key
- Microsoft Entra ID
- Basic Authentication
API Definition
Defines:
- Actions
- Parameters
- Request body
- Responses
Policies
Optional transformations including:
- Header injection
- URL rewriting
- Request modifications
- Response modifications
Authentication Methods
One of the most important exam topics.
OAuth 2.0
Most common.
Suitable for:
- Microsoft Graph
- Enterprise APIs
- Cloud applications
Benefits:
- Secure
- Token-based
- Supports delegated permissions
API Key
Common for:
- Third-party services
- AI APIs
- Internal APIs
The connector automatically sends the key.
Microsoft Entra ID
Often used for internal enterprise APIs.
Advantages:
- Central identity management
- Role-based access
- Conditional Access
- Single Sign-On
Basic Authentication
Supported but generally discouraged for production workloads.
Used mainly with legacy systems.
Adding an Existing Custom Connector as a Tool
Typical process:
- Open the agent.
- Navigate to Tools.
- Select Add Tool.
- Choose Existing Custom Connector.
- Select the connector.
- Select one or more operations.
- Configure parameters.
- Save.
The agent can now invoke the connector during conversations.
Choosing Operations
One connector may expose many actions.
Example:
Inventory Connector
- Get Product
- Update Inventory
- Reserve Inventory
- Cancel Reservation
- Check Warehouse
- Retrieve Supplier
The agent only needs the operations relevant to its purpose.
Selecting unnecessary operations increases complexity and expands the agent’s available actions beyond what is needed.
Designing Good Operations
Operations should be:
- Focused
- Reusable
- Well documented
- Clearly named
Good examples:
- GetCustomer
- CreateOrder
- SubmitExpense
- LookupPolicy
Poor examples:
- ExecuteProcess1
- ActionA
- TestEndpoint
Configuring Parameters
Most operations require parameters.
Example:
GetCustomerCustomerID
or
CreateTicketTitlePriorityDescription
Copilot Studio maps conversation data into these parameters.
Required vs Optional Parameters
Understand the distinction.
Required:
The action cannot execute without them.
Optional:
Improve results but are not mandatory.
Example:
Required
- Order Number
Optional
- Customer Email
Input Mapping
Inputs can come from:
- User messages
- Variables
- Previous tool outputs
- System variables
- AI extracted entities
Example:
User:
Where is order 10245?
↓
Extract:
Order Number
↓
Connector:
GetOrderStatus(10245)
Output Mapping
Connector responses become variables.
Example:
API returns:
Customer NameOrder StatusShipping Date
The agent can then:
- respond to the user
- populate Adaptive Cards
- call another tool
- make decisions
- branch within a topic
Working with JSON Responses
Many APIs return JSON.
Example:
{ "customer":"John Smith", "status":"Processing", "shipDate":"2026-08-15"}
Copilot Studio extracts individual properties for later use.
Security Considerations
Microsoft recommends granting only the permissions the connector actually requires.
Follow the principle of least privilege.
Avoid connectors with unnecessary administrative permissions.
Governance
Administrators should:
- Review connector ownership.
- Approve enterprise connectors.
- Monitor usage.
- Enforce Data Loss Prevention (DLP) policies.
- Control environment access.
- Audit authentication methods.
- Review connector updates before deployment.
Best Practices
Reuse Existing Connectors
Avoid building duplicate connectors.
Keep Operations Small
Small operations are easier to test.
Use Descriptive Names
Helps AI select the correct tool.
Secure Authentication
Prefer:
- OAuth
- Microsoft Entra ID
Avoid hard-coded credentials.
Validate Inputs
Prevent invalid requests before invoking APIs.
Return Structured Responses
Predictable JSON improves downstream processing.
Common Exam Pitfalls
Candidates often confuse:
- Standard connectors
- Power Platform connectors
- Custom connectors
- REST API tools
- MCP tools
Remember:
- Standard connectors are Microsoft-provided.
- Power Platform connectors include both standard and custom connectors available within the Power Platform ecosystem.
- Custom connectors wrap your own APIs into reusable connector definitions.
- REST API tools call APIs directly from the agent without requiring a custom connector.
- MCP tools connect to capabilities exposed through the Model Context Protocol, enabling standardized interaction with external tools and services.
Being able to choose the most appropriate integration option for a given scenario is a key skill measured on the AB-620 exam.
Quick Orientation Summary
In the topics above, you learned what custom connectors are, how they differ from standard connectors, how to configure them as agent tools, and how authentication, parameters, and outputs work.
The topics below focus on the advanced knowledge expected for the AB-620 certification exam.
Advanced Configuration
Once a custom connector has been added to an agent, developers should configure it so that it behaves predictably during conversations.
Important considerations include:
- Selecting only the operations the agent requires
- Mapping variables correctly
- Providing descriptive action names
- Validating required inputs
- Handling null values
- Returning structured outputs
A well-configured connector is easier for the AI orchestrator to select appropriately and reduces the likelihood of incorrect tool invocation.
Designing Agent-Friendly Connectors
Although a connector may expose dozens of operations, not all of them should necessarily be available to an agent.
Good practice includes:
- Separate read operations from update operations.
- Expose only business-relevant actions.
- Avoid administrative functions unless necessary.
- Keep operations focused on a single task.
- Use clear operation descriptions.
Example:
Instead of:
- ExecuteAPI
Use:
- GetCustomerOrders
- CreateSupportTicket
- UpdateDeliveryAddress
This improves the agent’s ability to determine when to invoke each action.
Variable Mapping Best Practices
Variables often originate from:
- User input
- Previous topic variables
- Generative AI extraction
- Other tools
- Adaptive Card submissions
Example workflow:
User:
I need the warranty information for product 45831.
Conversation variable:
ProductID = 45831
Connector action:
GetWarranty(ProductID)
Connector response:
WarrantyStatusExpirationDateCoverageType
These outputs become new variables that the agent can reference later in the conversation.
Chaining Multiple Tools
A single conversation often involves multiple tools working together.
Example:
Step 1
Retrieve customer information.
↓
Step 2
Retrieve active orders.
↓
Step 3
Retrieve shipping status.
↓
Step 4
Generate natural-language response.
Rather than creating one large API, smaller reusable operations simplify maintenance and improve reliability.
Error Handling
Enterprise systems occasionally fail.
Possible causes include:
- Invalid parameters
- Expired authentication
- Network interruptions
- Service outages
- Rate limiting
- Missing permissions
Agents should be designed to recover gracefully whenever possible.
Common Error Responses
Examples include:
400 Bad Request
Incorrect input.
Example:
Customer ID contains invalid characters.
401 Unauthorized
Authentication failed.
Possible causes:
- Expired token
- Invalid credentials
- Missing authentication
403 Forbidden
User is authenticated but lacks permission.
404 Not Found
Requested resource does not exist.
429 Too Many Requests
API rate limit exceeded.
500 Internal Server Error
Unexpected server-side failure.
Designing Friendly Error Messages
Avoid exposing raw API errors to end users.
Instead of:
Error 500
Use:
I couldn’t retrieve your information right now. Please try again in a few minutes.
This provides a better user experience while avoiding disclosure of unnecessary technical details.
Performance Optimization
Large enterprise APIs can affect conversation speed.
Microsoft recommends:
- Return only required fields.
- Reduce payload sizes.
- Limit unnecessary API calls.
- Cache frequently used information when appropriate.
- Break large operations into smaller reusable actions.
Security Best Practices
Security is frequently tested on the AB-620 exam.
Recommendations include:
Principle of Least Privilege
Grant only the permissions required.
Example:
Instead of granting:
Customer.ReadWrite.All
Grant:
Customer.Read
if the agent only retrieves customer information.
Secure Authentication
Preferred methods:
- Microsoft Entra ID
- OAuth 2.0
- Managed identity (where applicable)
Avoid embedding secrets directly in connector definitions whenever possible.
Protect Sensitive Data
Avoid returning:
- Passwords
- Authentication tokens
- Social Security numbers
- Credit card numbers
- Personally identifiable information (PII) unless absolutely required
Return only the data necessary for the conversation.
Monitoring Connector Usage
Administrators should monitor:
- Successful executions
- Failed executions
- Authentication failures
- API latency
- Usage frequency
- User activity
- Connector health
Monitoring helps identify bottlenecks and troubleshoot production issues.
Logging
Logging is useful for:
- Diagnosing failures
- Auditing requests
- Measuring adoption
- Identifying slow operations
- Supporting compliance requirements
However, avoid logging confidential user information unnecessarily.
Versioning Connectors
Enterprise APIs evolve over time.
Best practices include:
- Version APIs
- Test new versions before deployment
- Avoid breaking changes
- Maintain backward compatibility where practical
- Update agents after connector changes
Enterprise Scenario 1
A healthcare organization exposes a patient scheduling API through a custom connector.
The agent can:
- Find appointments
- Schedule visits
- Cancel appointments
- Check physician availability
Authentication uses Microsoft Entra ID.
Only authorized staff members can invoke scheduling operations.
Enterprise Scenario 2
A manufacturing company exposes inventory services.
Operations include:
- Check inventory
- Reserve inventory
- Release reservation
- Find warehouse
The Copilot agent helps warehouse employees without requiring them to open multiple applications.
Enterprise Scenario 3
An insurance company exposes claim-processing APIs.
The connector allows the agent to:
- Retrieve claim status
- Submit documentation
- Update claimant information
- Schedule inspections
Because the connector already exists for Power Automate workflows, the same connector can be reused within Copilot Studio.
Comparing Integration Options
| Feature | Standard Connector | Custom Connector | REST API Tool | MCP Tool |
|---|---|---|---|---|
| Microsoft-managed | Yes | No | No | Depends |
| Organization-created | No | Yes | No | Sometimes |
| Requires API definition | No | Yes | Yes | Yes |
| Reusable across Power Platform | Yes | Yes | No | Varies |
| Direct API calls | No | Indirect | Yes | Via MCP server |
| Best for enterprise reuse | Moderate | Excellent | Moderate | Excellent for standardized AI tool ecosystems |
When to Choose an Existing Custom Connector
Use an existing custom connector when:
- The organization already has one.
- The API is used by multiple Power Platform solutions.
- Authentication has already been configured.
- Governance requirements already exist.
- Multiple applications share the same integration.
When a REST API Tool May Be Better
A REST API tool may be preferable when:
- Only one API operation is needed.
- No connector currently exists.
- Rapid prototyping is desired.
- Reusability across the Power Platform is not required.
More AB-620 Exam Tips
Remember these key points:
- Existing custom connectors promote reuse across the Power Platform.
- Connectors encapsulate authentication and API definitions.
- Use least-privilege permissions.
- Select only the operations needed by the agent.
- Map variables carefully between conversations and connector inputs.
- Handle API failures gracefully.
- Monitor connector performance and usage.
- Use descriptive operation names.
- Reuse existing connectors instead of duplicating integrations.
- Understand when a custom connector is preferable to a REST API tool or MCP tool.
Practice Exam Questions
Question 1
An organization has already created a custom connector for its internal ERP system. A Copilot Studio developer needs to enable agents to retrieve inventory information.
What is the best approach?
A. Create a new REST API tool that duplicates the ERP functionality.
B. Reuse the existing custom connector.
C. Build a Power Automate flow that manually calls the API.
D. Export the connector as an Adaptive Card.
Answer: B
Explanation: Existing custom connectors should be reused whenever possible because they already encapsulate authentication, API definitions, governance, and maintenance.
Question 2
Which authentication method is generally recommended for enterprise APIs secured by Microsoft identity services?
A. Anonymous authentication
B. API key only
C. Microsoft Entra ID (OAuth 2.0)
D. Basic Authentication
Answer: C
Explanation: Microsoft Entra ID with OAuth 2.0 provides secure, centralized identity management, token-based authentication, and integration with enterprise security controls.
Question 3
A connector exposes twenty operations, but an agent only needs two of them.
What is the recommended design?
A. Enable all operations.
B. Create duplicate connectors.
C. Expose only the required operations.
D. Disable authentication.
Answer: C
Explanation: Limiting available operations simplifies agent behavior, improves security, and reduces unnecessary complexity.
Question 4
Which HTTP response code typically indicates that authentication has failed?
A. 404
B. 429
C. 500
D. 401
Answer: D
Explanation: A 401 Unauthorized response indicates that authentication credentials are missing, invalid, or expired.
Question 5
Why should connector operations have descriptive names?
A. They reduce API latency.
B. They improve AI tool selection and maintainability.
C. They eliminate authentication requirements.
D. They automatically optimize API performance.
Answer: B
Explanation: Clear operation names help both developers and AI orchestration determine the appropriate action to invoke.
Question 6
A connector returns customer name, address, loyalty status, and internal audit history. The agent only needs the customer’s loyalty status.
What is the best practice?
A. Return every field.
B. Add more connector actions.
C. Return only the required data.
D. Disable response parsing.
Answer: C
Explanation: Returning only the necessary data reduces payload size, improves performance, and minimizes exposure of unnecessary information.
Question 7
Which practice best supports enterprise security?
A. Embed administrator passwords in the connector.
B. Grant every available permission.
C. Use anonymous access.
D. Apply the principle of least privilege.
Answer: D
Explanation: Least privilege limits permissions to only those required, reducing security risks and supporting compliance.
Question 8
What is a primary advantage of using an existing custom connector instead of recreating the same integration?
A. It automatically removes authentication.
B. It eliminates API documentation.
C. It promotes reuse, governance, and centralized maintenance.
D. It guarantees faster API responses.
Answer: C
Explanation: Existing custom connectors provide reusable, centrally managed integrations that can be shared across Power Platform solutions.
Question 9
During execution, an API returns HTTP 429.
What does this typically indicate?
A. The requested resource was not found.
B. The request exceeded the service’s rate limit.
C. Authentication failed.
D. The connector is incorrectly configured.
Answer: B
Explanation: HTTP 429 indicates that too many requests have been sent in a given period, triggering rate limiting.
Question 10
When should a developer consider using an existing custom connector instead of creating a direct REST API tool?
A. When the organization already maintains the connector for multiple Power Platform solutions.
B. When no reusable integration exists.
C. Only during testing.
D. Only for public APIs.
Answer: A
Explanation: Reusing an existing custom connector leverages established authentication, governance, maintenance, and reusability across multiple applications, making it the preferred approach when such a connector already exists.
AB-620 Exam Summary
For the exam, remember these key takeaways:
- Custom connectors encapsulate APIs into reusable Power Platform components.
- Existing custom connectors should generally be reused instead of creating duplicate integrations.
- Configure only the operations an agent requires.
- Use secure authentication methods such as Microsoft Entra ID and OAuth 2.0.
- Apply least-privilege security principles.
- Map conversation variables carefully to connector inputs and outputs.
- Handle API errors gracefully with user-friendly messages.
- Monitor connector health, performance, and usage.
- Understand when to use custom connectors versus REST API tools and MCP tools based on governance, reuse, and integration requirements.
Go to the AB-620 Exam Prep Hub main page
