diff --git a/.changesets/fix_missing_token_propagation.md b/.changesets/fix_missing_token_propagation.md
new file mode 100644
index 00000000..a6d5297f
--- /dev/null
+++ b/.changesets/fix_missing_token_propagation.md
@@ -0,0 +1,3 @@
+### fix: Add missing token propagation for execute tool - @DaleSeo PR #298
+
+The execute tool is not forwarding JWT authentication tokens to upstream GraphQL endpoints, causing authentication failures when using this tool with protected APIs.
diff --git a/crates/apollo-mcp-server/src/server/states/running.rs b/crates/apollo-mcp-server/src/server/states/running.rs
index 908d068d..b1b69495 100644
--- a/crates/apollo-mcp-server/src/server/states/running.rs
+++ b/crates/apollo-mcp-server/src/server/states/running.rs
@@ -210,6 +210,11 @@ impl ServerHandler for Running {
             EXECUTE_TOOL_NAME => {
                 let mut headers = self.headers.clone();
                 if let Some(axum_parts) = context.extensions.get::<axum::http::request::Parts>() {
+                    // Optionally extract the validated token and propagate it to upstream servers if present
+                    if let Some(token) = axum_parts.extensions.get::<ValidToken>() {
+                        headers.typed_insert(token.deref().clone());
+                    }
+
                     // Forward the mcp-session-id header if present
                     if let Some(session_id) = axum_parts.headers.get("mcp-session-id") {
                         headers.insert("mcp-session-id", session_id.clone());