Troubleshooting Guide for Native Automation Failures

This article will help you understand and troubleshoot errors in Native Automations that you might see in the Automation reports.

Connection and authentication errors

These errors usually mean the link between Sembly and the connected app (e.g., Jira, Notion, Airtable) is broken or not fully authorized. Reconnecting or re-authorizing the integration often fixes them.

Invalid client credentials (OAuth)

Error you might see:

OAuth Error (invalid_client): Invalid client credentials.

What it means:

The connected app (e.g. Airtable) no longer accepts the credentials used for this integration. This can happen if the app’s API or security settings changed, or the integration was set up with wrong or outdated credentials.

What you can do:

• In your workspace, open Integrations (or Settings → Integrations) and find the integration that is failing.
• Disconnect the integration, then connect it again and complete the login/authorization flow.
• If you use a custom or developer app (e.g. your own OAuth app for Airtable), confirm in the app’s dashboard that the Client ID and Client Secret are correct and that the app is not disabled or expired.
• If the problem continues, contact support and mention “Invalid client credentials” and the name of the integration.

Refresh token is invalid

Error you might see:

Connection Error: refresh_token is invalid

What it means:

The stored “refresh token” that allows Sembly to keep accessing the app (e.g. Jira) without you logging in again is no longer valid. The app may have revoked it, or it may have expired.

What you can do:

• Disconnect the integration in Sembly, then reconnect it and sign in again when prompted. This issues a new refresh token.
• If you recently changed your password or security settings in the connected app (e.g. Jira), reconnect the integration after those changes.
• If you see this error repeatedly after reconnecting, contact support with the integration name and (if possible) the date you last reconnected.

No refresh token found

Error you might see:

Connection credentials refresh failed: Cannot refresh credentials: no refresh token found in credentials

What it means:

The integration was connected in a way that did not store a refresh token, or that token was lost. The system cannot refresh access without you signing in again.

What you can do:

• Disconnect the integration, then connect it again and complete the full authorization flow (log in to the app and approve access when prompted).
• Avoid closing the browser or canceling the authorization window before you see a success message.
• If the integration only offers a one-time login and no “refresh” option, you may need to reconnect it periodically; if that’s not possible, contact support to see if there’s another option for your app.

Refresh token not issued to this client (HubSpot)

Error you might see:

HubSpot Error (MISMATCH_REFRESH_TOKEN_CLIENT): refresh token was not issued to this client

What it means:

The HubSpot refresh token stored for this connection was created for a different HubSpot app or client. This often happens if the HubSpot app credentials (e.g. in a developer portal) were changed or if the connection was first created under a different app.

What you can do:

• In Sembly, disconnect the HubSpot integration, then reconnect it and go through the HubSpot authorization again so a new token is issued for the current app.
• If your organization manages HubSpot via a developer app, ensure everyone uses the same app and that the Client ID and Secret in Sembly match that app. Do not mix connections from different HubSpot apps.
• If the error persists, contact support and mention “MISMATCH_REFRESH_TOKEN_CLIENT” and HubSpot.

OAuth access denied

Error you might see:

OAuth Error: access_denied

What it means:

During authorization, you (or the user who was prompted) did not grant the requested permissions, or the app denied access (e.g. due to organization policy or user choice).

What you can do:

• Reconnect the integration and, when the app asks for permissions, accept all requested permissions (e.g. read/write access to the resources the automation needs).
• If you are not the right person to grant access (e.g. an admin must approve), have an admin complete the connection or grant the necessary permissions in the app’s admin console.
• If your company uses strict security or compliance policies, check whether the integration is allowed and whether an exception or different account is needed.

OAuth consent required

Error you might see:

OAuth Error: consent_required

What it means:

The app (often a Microsoft or work account) requires that an admin or user explicitly consent to the permissions requested by the integration. Consent has not been granted yet or has been withdrawn.

What you can do:

• Reconnect the integration. When redirected to the app’s sign-in or consent page, complete the flow and accept the requested permissions.
• For work or school accounts (e.g. Microsoft 365), an admin may need to grant “admin consent” for the app in the Azure or Microsoft admin center. If you see a message that admin consent is required, ask your IT or Microsoft 365 admin to approve the Sembly integration.
• After consent is granted, try connecting again in Sembly.

OAuth invalid scope requested

Error you might see:

OAuth Error: invalid_scope_requested (Error code: invalid_scope_requested)

What it means:

The integration requested a permission (scope) that the app does not support or that was not approved for your app (e.g. in the app’s developer or admin settings).

What you can do:

• Disconnect and reconnect the integration and ensure you accept all requested permissions when prompted.
• If you manage the app (e.g. a custom OAuth app), check the app’s configuration and ensure the required scopes are enabled and that your app is allowed to request them.
• If the error continues, contact support with the integration name; we may need to adjust the requested scopes for your use case.

Client not found (37signals / Basecamp)

Error you might see:

Connection Error: Client not found. Register at <https://integrate.37signals.com>

What it means:

The integration is trying to use 37signals (e.g. Basecamp) with an app that is not registered or no longer valid at 37signals’ integration portal.

What you can do:

• Go to https://integrate.37signals.com and register or sign in to your 37signals integration app. Ensure the app is active and that you have the correct Client ID and Client Secret.
• In Sembly, disconnect the 37signals/Basecamp integration and reconnect it, entering the correct app credentials when asked.
• If you did not create the app yourself, contact whoever manages your 37signals integrations and ask for the correct app details or a new app registration.

Microsoft / Azure AD configuration errors

These errors come from Microsoft’s identity system (Azure AD / Entra ID). They usually require fixing app registration or admin consent in the Azure portal (or Microsoft 365 admin).

Invalid client secret (Azure AD)

Error you might see:

Azure AD Error 7000215: AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID...

What it means:

The app is sending the wrong value as the “client secret.” Often the Secret ID (a reference) was used instead of the Secret value (the actual password). Azure AD only accepts the secret value.

What you can do:

• In Azure Portal → App registrations → your app → Certificates & secrets, find the secret you use for this integration.
• Copy the Value of the secret (not the “Secret ID”). If the value was never saved when the secret was created, you must create a new secret and use its Value in Sembly (or wherever the integration is configured).
• In Sembly, disconnect and reconnect the Microsoft integration (OneDrive, SharePoint, Teams, etc.) and enter the correct Client secret value when asked.
• Ensure no extra spaces or missing characters when pasting the secret.

Refresh token expired due to inactivity (Azure AD)

Error you might see:

Azure AD Error 700082: AADSTS700082: The refresh token has expired due to inactivity...

What it means:

Microsoft revokes refresh tokens that are not used for a long time (e.g. 90 days). The integration can no longer get new access without the user signing in again.

What you can do:

• Disconnect the Microsoft integration (OneDrive, SharePoint, Teams, etc.) in Sembly, then reconnect it and sign in again when prompted. This issues a new refresh token.
• To reduce how often this happens, use the integration regularly, or set a reminder to reconnect every few months if the integration is used rarely.
• If your organization has strict token lifetime policies, ask your IT admin whether longer-lived refresh tokens or different settings are available in Azure AD.

Missing “client id” in request (Azure AD)

Error you might see:

Azure AD Error 900144: AADSTS900144: The request body must contain the following parameter: 'client id'

What it means:

The request to Microsoft’s login server is missing the application’s Client ID (or it is incorrect). This is usually a configuration issue in how the integration is set up.

What you can do:

• In Azure Portal → App registrations → your app, copy the Application (client) ID.
• In Sembly (or wherever you configure the Microsoft integration), disconnect and reconnect the integration and enter the correct Client ID when asked. Ensure you are using the ID for the same app that has the correct redirect URIs and permissions.
• If the integration is pre-configured by your organization, contact your IT or admin and ask them to verify the Azure app’s Client ID and that it is correctly set in the integration settings.

Invalid or malformed request (Azure AD)

Error you might see:

Azure AD Error 9002313: AADSTS9002313: Invalid request. Request is malformed or invalid.

What it means:

Microsoft’s server received a request that is incomplete, has the wrong format, or contains invalid parameters. This can be due to a misconfiguration or a temporary issue.

What you can do:

• Disconnect and reconnect the Microsoft integration and complete the sign-in flow again without skipping steps.
• Clear your browser cache or try in an incognito/private window in case an old or cached value is being sent.
• If you manage the Azure app, check that redirect URIs and required parameters match what Sembly expects (see our integration docs or contact support for the correct redirect URI).
• If the error persists, contact support with the full error message and the integration name.

Missing parameters: clientId, clientSecret

Error you might see:

Connection credentials refresh failed: Cannot refresh credentials due to missing parameters: clientId, clientSecret

What it means:

The integration is trying to refresh access but the app’s Client ID or Client Secret is missing in the configuration. This often happens after an initial setup that was not completed or after credentials were removed.

What you can do:

• In the place where you manage this integration (Sembly or your identity provider), ensure Client ID and Client Secret are both set for the app (e.g. from Azure Portal or the third-party app’s developer console).
• Disconnect and reconnect the integration and enter both values when prompted. Create a new secret in the app’s portal if the previous one was lost or rotated.
• If someone else manages the app (e.g. IT), ask them to provide the correct Client ID and Secret and to add them to the integration configuration.

Unsupported auth type: oauth2

Error you might see:

Unsupported auth type: oauth2

What it means:

The integration is set up to use OAuth 2, but the current configuration or environment does not support that method for this app (e.g. the app might expect a different flow or the connection was created in an unsupported way).

What you can do:

• Disconnect and reconnect the integration using the standard “Connect with [App]” or “Sign in with Microsoft” flow in Sembly. Do not use custom or legacy auth if the product only supports OAuth 2 in the normal flow.
• If you are an admin and configured this via an API or custom setup, ensure the connection is created with the same OAuth 2 flow and app registration that Sembly expects. Contact support for the recommended auth type and endpoints for your app.

Temporary or upstream issues

These errors often indicate a temporary problem on the side of the connected service or our systems. Retrying later or reconnecting sometimes resolves them.

Connection credentials refresh failed: status code 503

Error you might see:

Connection credentials refresh failed: Failed to refresh access token: Request failed with status code 503

What it means:

The server that issues or refreshes access tokens (ours or the connected app’s) was temporarily unavailable (503 = “service unavailable”). This is usually short-lived.

What you can do:

• Wait a few minutes and run the automation again, or trigger the integration again. No need to change settings if nothing else was changed.
• If the error continues for more than an hour, disconnect and reconnect the integration to get a fresh token once the service is back.
• If 503 errors persist for a long time, the connected app (e.g. Jira, Microsoft) may be having an outage; check their status page. You can also contact support so we can confirm whether the issue is on our side.

API or request errors (HTTP 400 and similar)

These errors mean the request sent to the connected app was rejected (e.g. bad request, invalid data, or expired session). Reconnecting or correcting the data often helps.

Connection credentials refresh failed: status code 400

Error you might see:

Connection credentials refresh failed: Failed to refresh access token: Request failed with status code 400

Connection credentials refresh failed: Request failed with status code 400

What it means:

The server that refreshes tokens returned “400 Bad Request,” meaning the refresh request was invalid (e.g. wrong or expired refresh token, or incorrect parameters). The connection likely needs to be re-authorized.

What you can do:

• Disconnect the integration in Sembly, then reconnect it and complete the sign-in/consent flow. This replaces the refresh token and often fixes 400 errors on refresh.
• If you recently changed your password or security settings in the connected app, reconnect the integration after those changes.
• If the integration uses a custom app (e.g. Zoho, another CRM), ensure the app’s Client ID and Secret are correct and that the app is still active. Then reconnect in Sembly with those credentials.

Error making request to app (e.g. Asana): 400

Error you might see:

Error making request to <https://app.asana.com/api/1.0/users:> 400

What it means:

A request from Sembly to the connected app’s API (here, Asana) was rejected with “400 Bad Request.” This can be due to invalid or outdated credentials, missing permissions, or a change in the app’s API.

What you can do:

• Disconnect and reconnect the Asana (or other) integration and grant all requested permissions when prompted.
• In the app (e.g. Asana), check that your account and any API or app credentials are still valid and that the app has the scopes it needs (e.g. read users, read/write tasks).
• If you use a custom Asana app, ensure it is still enabled and that the token or OAuth credentials have not been revoked. Reconnect in Sembly after fixing the app side.

HTTP 400: Request failed with status code 400

Error you might see:

HTTP 400: Request failed with status code 400

What it means:

A request to the connected app’s API was rejected with “400 Bad Request.” The app did not accept the request (e.g. wrong format, invalid token, or missing permission). This can affect various integrations (e.g. Trello, other tools).

What you can do:

• Disconnect and reconnect the integration and complete the authorization flow. This refreshes tokens and permissions.
• Ensure you are not over rate limits or sending invalid data (e.g. empty or malformed fields) if you control what is sent. If the integration has options (e.g. which board or project to use), verify they still exist and are accessible.
• If the error continues, contact support with the integration name and (if possible) the exact error message or time of failure. We can help check whether the request format or scopes need to be updated for that app.

If you’re still having trouble, please contact our support team at support@sembly.ai with details and screenshot of the error, if possible.