Connection Authentication Errors
Authentication errors are among the most common causes of automation failures in Chase Agents. They occur when the credentials for a connection are invalid, expired, or lack the necessary permissions. This guide explains how to diagnose and fix each type.
Identifying an Authentication Error
Authentication errors typically surface as HTTP 401 (Unauthorized) or HTTP 403 (Forbidden) errors in the step failure details in Workflow History. A 401 means the connection could not authenticate at all. A 403 means the connection authenticated successfully but the credentials do not have permission to perform the requested operation. Both require different fixes.
Fixing a 401 Unauthorized Error (API Key Connections)
A 401 on an API key connection means the key is invalid, has been deleted, or has expired. Go to your connections in the Connections Marketplace and find the affected connection. Edit the connection and re-enter the API key. Generate a new key from the external service if the existing key was deleted or rotated. Save the connection. Re-run the failed automation to verify the new key works.
Fixing a 401 Unauthorized Error (OAuth Connections)
Chase Agents automatically refreshes OAuth tokens before they expire using the PKCE flow. However, some OAuth connections require re-authorization when the user revokes the token from the external service, when the external service changes its OAuth endpoints, or when the granted scope changes. If you see a 401 on an OAuth connection, go to the connection settings and click Re-authorize to go through the OAuth flow again with the external service.
Fixing a 403 Forbidden Error
A 403 means the credentials are valid but the API key or OAuth token does not have permission to perform the specific action. For API key connections, check the permission settings on the key in the external service and add the required permission or generate a new key with broader scope. For OAuth connections, go through the re-authorization flow and ensure you grant all the required permissions when prompted by the external service.
Testing a Connection
After updating credentials, test the connection before re-running the automation. Navigate to the connection in the Connections Marketplace and use the connection health check feature to verify the credentials are valid. A successful health check confirms the connection can authenticate. Then re-run the automation manually to verify the full step sequence works.
Template Variable Credential Errors
If your automation uses template variables to reference credential values, and the referenced secret name no longer exists in the vault (for example, because it was renamed or deleted), the step will fail with an error indicating the template variable could not be resolved. Navigate to the credential vault, verify the secret name exactly matches what is referenced in the step, and update either the secret name or the step's template variable reference to match.
Preventing Future Authentication Failures
To reduce authentication failures: enable connection health monitoring so you are alerted when a connection goes unhealthy before it causes automation failures; use template variables for all credential references so rotating a key requires only updating one place; and for critical automations, configure a Slack notification when a run fails so authentication issues are caught quickly.