ERR_AUTH_FAILED on Zapier: Authentication failed — Zap turns off or returns "We had trouble sending your Zap". Root cause: Zapier stores a refresh token for OAuth2-connected apps. When the connected app rotates its secret, revokes the token (e.g., a password change, a security policy enforcement, or a user being deprovisioned), or when the OAuth token expires without a successful refresh, Zapier can no longer authenticate on your behalf. The Zap is automatically paused and you receive an email with subject "Action required: your Zap needs attention". API key connections fail when the key is deleted, scoped incorrectly, or the IP whitelist on the destination app excludes Zapier's egress IPs. Step 1: Identify which connection is broken. Go to zapier.com → My Apps (left sidebar). Broken connections show a red warning triangle. Click the app name to see the exact error message — it will tell you whether the token expired, was revoked, or the credentials are wrong. Step 2: Reconnect the app. Click the broken connection → Reconnect. For OAuth2 apps (Google, Salesforce, HubSpot, etc.), you will be redirected to the app's login page. Sign in with the same account that owns the data your Zap needs. Do not sign in with your personal account if the Zap should run under a service account. Step 3: For API key connections, generate a new key. Log in to the destination app and navigate to its API or Developer settings. Generate a new API key with the minimum required scopes (read/write on the specific objects your Zap touches). Copy the key immediately — most apps only show it once. Paste it into the Zapier connection form and click Save. Step 4: Check IP whitelist if your app restricts access by IP. Some enterprise apps (Salesforce, SAP, internal tools) restrict API access to specific IP ranges. Zapier publishes its egress IP list at zapier.com/help/troubleshoot/common-problems/zapier-ip-addresses-to-whitelist. Add these to your app's allowlist before reconnecting. Step 5: Re-enable the Zap and run a test. After reconnecting, go back to the Zap editor, click Test on the failing step, and confirm it returns data. Then turn the Zap on. If the Zap was paused mid-run, check Zap History for tasks that errored during the outage — you may need to replay them manually. Step 6: Prevent future failures with a service account. Auth failures caused by password changes are the most common recurring issue. Create a dedicated service account (e.g., zapier@yourcompany.com) in the connected app, grant it the required permissions, and connect Zapier using that account. Service accounts are not subject to individual password rotation policies.