Skip to content
Latchkey

Nx Cloud 401 Unauthorized in CI

A 401 from Nx Cloud means the request authenticated with a token, but Nx Cloud rejected it. The connection works; the credential is wrong, revoked, or does not belong to this workspace.

What this error means

Nx Cloud calls fail with a 401 Unauthorized response, and remote caching or distributed execution is disabled for the run.

Nx Cloud
NX   Nx Cloud responded with 401 Unauthorized.
The provided access token is invalid.

Common causes

The token is invalid or revoked

A rotated, deleted, or mistyped NX_CLOUD_ACCESS_TOKEN authenticates as an unknown principal and is rejected with 401.

The token belongs to another workspace

A token generated for a different Nx Cloud workspace does not match this one, so the request is unauthorized.

How to fix it

Rotate and re-set the token

  1. Generate a fresh access token for this exact workspace in Nx Cloud.
  2. Update the NX_CLOUD_ACCESS_TOKEN secret with the new value.
  3. Re-run and confirm the 401 clears.
.github/workflows/ci.yml
env:
  NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_ACCESS_TOKEN }}

Confirm the token matches the workspace

A 401 will not clear on retry. Verify the token was issued for the same workspace the nx.json cloud config points to.

How to prevent it

  • Issue tokens per workspace and label them clearly.
  • Rotate tokens on a schedule and update the secret immediately.
  • Treat a persistent 401 as a credential problem, not a transient one.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →