Connections between Openbridge and your data source or data destination require authorization. Authorized access to your accounts can sometimes be disconnected. These authorizations can expire for several reasons, including password changes, account locks, user access removal, and access token lifespans.
While this can be frustrating, it's important to remember that it's normal behavior and is usually the result of a change to keep a data source account safe and secure.
My authorization is expired; now what?
Openbridge will email "Authorization Failure" notifications when we detect that your account authorization is not working. Once a notification is sent, we suggest taking immediate action to ensure data continues to flow.
When authorizations expire, you need to reconnect to the source (or destination) and authorize us again.
IMPORTANT: If Openbridge loses authorization to a data source or a data destination (where we deliver data), data delivery may be adversely impacted. For example, if authorization is lost to Facebook for three days, there may be gaps in your data when reauthorizing on day 4. While we attempt to mitigate the negative impacts of lost authorizations, there is a risk of data gaps given the nature of some data sources.
If you are not doing so today, we suggest using "group" emails for your primary user account email address. This will ensure notifications for failed identities go to more than one person. See Using Email "Groups" For Distributed Notifications.
How to Identify Invalid Authorizations
There are two places to find an invalid authorization in your Openbridge account. The first is on your Pipelines page:
You can see that the My User identity is no longer valid. The other place to find invalid authorizations is on the Identities page:
Any identity needing attention will be highlighted in red, as shown above.
Fixing Invalid Identities
You have two options: either reauthorize the identity or delete it. Please note that you can not delete an identity attached to any active or inactive pipeline. Since an identity can be shared across multiple pipelines, you must first deactivate or "turn off" any active pipeline. Then, you must delete any associated pipeline before you can remove an identity.
Example Use Cases
Regardless of the data source or destination, authorizations can expire and need reauthorization.
The following are typical use cases that can trigger a reauthorization notification;
Username or password changed: Changing your username or password results in the data source removing access to your account because the original credentials used to authenticate the account no longer exist.
Access has been revoked: Each data source lists third-party apps granted authorization to access your account. When the Openbridge app access is revoked, authorization is lost. Once authorization is lost, access is blocked.
Access has expired: Some sources auto-expire authorization after a set time period. For example, Amazon Selling Partner API will expire an authorization after 12 months unless you take action to renew it manually. See Amazon Selling Partner Expired or Expiring Authorizations. If your source performs auto expirations, please take note of that and plan accordingly.
Account status changes: Another example is that your account has been removed as an authorized user. As a Facebook Admin for Acme Corp, our authorization is removed if you are removed and no longer have Admin access (for Facebook Pages) to Acme Corp.
References
See Understanding Remote Identities for more background. Also, see Using Trusted External Identities.