Failure Index / Auth & permissions · critical · LangChain · OpenAI Agents SDK · CrewAI
Agent tool call fails with HTTP 401 Unauthorized
A tool your agent called returned HTTP 401 — the API key or OAuth token it used was rejected by the upstream service. The agent usually retries, fails again, and either loops or gives up mid-task.
The error
ToolException: 401 Unauthorized
langchain agent 401 unauthorized tool call
openai agents sdk function tool 401Root cause
The credentials the tool uses are invalid or expired. The classic causes: an OAuth token past its expiry (Google tokens last 1 hour, Salesforce 24 hours), a rotated API key that was never updated in the agent's environment, or test-mode keys pointed at production resources.
The fix
Find which credential the failing tool uses and verify it is current. If it is an OAuth token, re-authorize to mint a fresh one and add refresh logic before expiry. If it is an API key, confirm the value in the agent's environment matches the provider dashboard — and that you are not mixing test and live keys.
Preventing it next time
Refresh OAuth tokens ahead of expiry instead of on failure, and alert on the FIRST 401 from any tool — a 401 never fixes itself with retries.
pip install vorlo-trace · npm install vorlo-trace. Start free