When you build a pipeline in Quickbase Pipelines, each step connects to a service (like Quickbase, Salesforce, Google Drive) through a connected account. That account holds the credentials Pipelines uses to communicate with the service on your behalf.
If Pipelines repeatedly fails to authenticate to this service using a given account, it will eventually mark that account as Deauthorized. A deauthorized account can no longer be used, and any pipeline that relies on it will stop running until you reconnect it.
This article explains exactly when that happens, why it's designed this way, and how to fix it.
What causes authentication errors
An authentication error means the external service rejected our credentials—typically an HTTP 401 Unauthorized or 403 Forbidden response.
Common reasons:
The password, API token, or user token was changed or revoked on the external service
An OAuth connection was revoked, expired, or had its consent withdrawn
The user behind the account lost the permissions or license needed for the connected app
The account was disabled or deleted on the external service
A single failure is not enough to deauthorize an account. Many failures are temporary, caused by a brief outage or a momentary token-refresh failure. Pipelines tolerates brief failures and only acts when they are clearly persistent.
Warning
Each iteration of a loop counts as a separate authentication failure. In a pipeline with 100 or more loop iterations, a single failing step can deauthorize the account before the run completes. Resolve any authentication issues before running pipelines with large loops.
Pipelines tracks failures using the following logic:
Every authentication failure adds 1 to that account's error count.
Any successful call resets the count back to 0. The very next time the account communicates with the external service successfully, the counter clears. This is what makes the mechanism self-correcting: temporary problems never build up over time.
When the count reaches 100 consecutive authentication failures, the account is marked Deauthorized.
Because a single success resets the counter, an account only reaches deauthorization when it has failed 100 times in a row with no successful call in between. That means the credentials are genuinely broken and need attention, not just a temporary issue.
What happens when an account is deauthorized
Once an account is marked Deauthorized:
Pipelines that use it stop running. Any pipeline with a step connected to that account is flagged as invalid and will not execute.
Affected steps show an error indicating the account is deauthorized and needs to be reconnected.
Triggers are suspended. Automatic triggers (polling and webhook-based) attached to that account stop firing until the account is healthy again.
Manual runs are blocked for the affected pipelines until the account is reconnected.
The account itself, your pipeline definitions, and your configuration are all preserved. Nothing is deleted.
How to fix a deauthorized account
Deauthorization is intentionally not reversed automatically. The credentials stopped working and need to be updated. To update credentials:
In Pipelines, select Accounts.
Find the account with deauthorized credentials and select the three-dot more menu in the far-right column.
Select Reconnect. Sign in again, re-run the OAuth flow, or paste a fresh API/user token, depending on the channel.
Once the account successfully connects, its status returns to OK, the error count is cleared, affected pipelines become valid again, and any suspended triggers resume.
Note
Before reconnecting, confirm the underlying issue is resolved on the external service: for example, that the token hasn't been revoked, the user still has the required permissions, and any required app or license is still active. Otherwise the new connection may fail again and the account can be deauthorized a second time.
About the Quickbase Realm Default Account
One exception applies. A Quickbase realm's tokenless Realm Default Account is never automatically deauthorized, even if it accumulates authentication errors. This account is shared infrastructure used to keep a realm's Pipelines running, so it is protected from being disabled by transient or widespread errors. Its error count is still tracked, but reaching the threshold will not deauthorize it.