Hello,
We're facing a recurring issue while integrating the Google Calendar API with our Solution.
Issue Summary
Even though we are correctly refreshing the access token using the stored refresh token via the standard OAuth 2.0 flow, the Google Calendar API intermittently returns a 401 Unauthorized error:
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials.",
"status": "UNAUTHENTICATED"
}
}
This issue reappears every few days—even when using a freshly refreshed and previously working access token.
Sample API Request
GET https://www.googleapis.com/calendar/v3/calendars/CALENDAR_ID/events?timeMin=2025-04-28T10:00:00Z
Headers:
Authorization: Bearer ACCESS_TOKEN
Content-Type: application/json
Response:
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials.",
"status": "UNAUTHENTICATED"
}
}
We are using the following Google API endpoints:
GOOGLE_OAUTH_URI = 'https://accounts.google.com/o/oauth2/';
GOOGLE_TOKEN_URI = 'https://oauth2.googleapis.com/';
GOOGLE_CAL_URI = 'https://www.googleapis.com/calendar/v3';
GOOGLE_API_SCOPE = 'https://www.googleapis.com/auth/calendar';
The access token is saved with an expiration time and refreshed correctly.
The refresh token is not revoked or changed.
No manual changes are made to the OAuth credentials or project settings in Google Cloud Console.
We are applying the new access token immediately after receiving it.
Questions for the Community or Google Support
Why might a freshly refreshed, valid access token intermittently return 401 errors?
Are there any token invalidation rules, hidden revocation triggers, or quota limits that could cause this?
Could this behavior be account-specific or related to internal API caching or security policies?
Is there a way to validate access token health before making API calls?
This issue is impacting our production systems, and any guidance or insights from the community or Google team would be greatly appreciated.
Thank you!
LinkedIn
Twitter
