Why has my integration token expired?

If you're experiencing a 401 error with your Profit.co integration, it usually indicates that your authentication token has expired. Profit.co integrates with third-party applications to automatically check in key results by pulling values from the third-party application every 24 hours at 9:00 am PST. During this scheduled API call, a 401 error typically occurs if the authentication fails due to expired or invalid credentials provided during the initial configuration, signaling the need for re-authentication. Here’s a breakdown of the reasons your token may expire based on the type of authentication used:

Types of Authentication

Profit.co supports three types of authentication methods to connect with various third-party applications. Each method has unique characteristics and potential causes for expiration:

1. OAuth

OAuth (Open Authorization) is a secure authentication protocol used to grant applications limited access to a user’s account on another service without sharing credentials. It uses tokens to access specific services or scopes based on user permission.

Examples: HubSpot, Google Sheets, Salesforce, Power BI, Asana, MS Planner, and Zoho Products.

Common Reasons for OAuth Token Expiration:

• Admin Removal: If an administrator removes Profit.co’s access to an OAuth application, the token will be invalidated.
• Scope Restrictions: When permissions or data access levels (known as "scopes") are changed in the third-party app, it can render the token invalid.
• Inactive Use: If the integrated third-party application is not used for a long period by the respective user, the app will be moved to an inactive state.
• Password Change: When a user changes their credentials (username or password) for the integrated third-party application, it can lead to token expiration to protect product security.

2. Basic Authentication

Basic Authentication uses a straightforward method of verifying user credentials (username and password) to establish a connection. While effective, it is less secure than other methods because credentials are shared directly.

Examples: MariaDB and other database integrations.

Common Reasons for Basic Authentication Expiration:

• Credential Updates: If the username or password has been changed, the saved credentials used for integration will no longer be valid. Re-entering the updated credentials will resolve the issue.

3. Bearer Token

Bearer Token authentication involves passing a security token with each API request. The token verifies the user's identity and allows access to the application. This method is often used in modern applications to maintain secure, stateless authentication.

Examples: Trello, GitLab, Ticket Tailor.

Common Reasons for Bearer Token Expiration:

• Token Removal: When a saved token is removed or deleted in the third-party app, it leads to failed API calls due to the missing token.
• Token Revocation: Some applications allow users to revoke tokens as a security measure, making them invalid.
• Automatic Expiry: Many bearer tokens have set expiration times, which require re-authentication when they lapse.
• Scope Restrictions: Similar to OAuth, if the permissions or scopes change within the third-party app, the token may expire.

How to Resolve Expired Token Errors

If you encounter a 401 error due to an expired token, here are the steps you can take to troubleshoot:

1. Check Credentials or Tokens: Re-enter the username, password, or token if they were recently updated or deleted.

2. Confirm Permissions: Review the app permissions and scopes on the third-party platform to ensure nothing has changed.

3. Reauthorize the App: For OAuth integration, simply reauthorize the connection directly within the Profit.co application—no need to remove the connection. For Bearer Token authentication, update the token by re-entering it on the configuration page.

4. Contact Admin: If the app was removed or modified by an administrator, reach out to them for re-authorization.

By following these steps, you can help maintain seamless integration between Profit.co and your third-party applications.