Failure Index / Auth & permissions · critical · LangChain · OpenAI Agents SDK · CrewAI

Agent tool call fails with HTTP 401 Unauthorized

A tool your agent called returned HTTP 401 — the API key or OAuth token it used was rejected by the upstream service. The agent usually retries, fails again, and either loops or gives up mid-task.

The error

ToolException: 401 Unauthorized
langchain agent 401 unauthorized tool call
openai agents sdk function tool 401

Root cause

The credentials the tool uses are invalid or expired. The classic causes: an OAuth token past its expiry (Google tokens last 1 hour, Salesforce 24 hours), a rotated API key that was never updated in the agent's environment, or test-mode keys pointed at production resources.

The fix

Find which credential the failing tool uses and verify it is current. If it is an OAuth token, re-authorize to mint a fresh one and add refresh logic before expiry. If it is an API key, confirm the value in the agent's environment matches the provider dashboard — and that you are not mixing test and live keys.

Preventing it next time

Refresh OAuth tokens ahead of expiry instead of on failure, and alert on the FIRST 401 from any tool — a 401 never fixes itself with retries.

Stop debugging this by hand. Vorlo watches your agent and, when this failure happens, hands you the diagnosis and the fix — verified by developers who hit it before you — in your dashboard, Slack, or your editor. Two lines of code: pip install vorlo-trace · npm install vorlo-trace. Start free

Related failures