Managing Platform Credentials for Automations

Automations that write to external platforms use platform credentials. Here's how to manage OAuth tokens and API keys, and what to do when they expire.

When an automation writes to an external platform — creating a record in Salesforce, sending a Slack message, updating a HubSpot contact — it uses the credentials you provided when you connected that platform.

How credentials work

OAuth platforms: ThatApp stores an access token and refresh token. The refresh token keeps the connection alive without requiring you to re-authorize. Most OAuth tokens stay valid indefinitely as long as ThatApp refreshes them regularly.
API key platforms: ThatApp stores the API key you provided. API keys do not expire unless you revoke them in the source platform.
SQL databases: ThatApp stores the username and password you provided.

When credentials expire

The most common cause of automation failures is an expired or revoked credential. Signs:

An automation that was working suddenly starts failing
AVA reports "authorization error" or "credential expired"
You changed your password in a source platform

Re-authorizing an OAuth platform

Tell AVA: "Re-authorize Salesforce." She will show you an authorization button. Complete the OAuth flow in the browser window that opens. ThatApp updates the stored token. Existing automations resume using the new token.

Updating an API key

Tell AVA: "Update the API key for [platform name]." She will ask for the new key, validate it, and replace the old one.

Viewing all credentials

Tell AVA: "Show me the credential status of all my connected platforms." She will list each platform and when its credentials were last validated.

Related: How Automations Work · All 181 Supported Platforms