HTTP 401 Unauthorized

Authentication is required and has failed or has not been provided.

4xx Client Error

Description

The 401 Unauthorized status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. The server generating a 401 response must send a WWW-Authenticate header field containing at least one challenge applicable to the target resource. If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. The user agent may repeat the request with a new or replaced Authorization header field. Despite its name, this status code actually relates to authentication (proving identity), not authorization (permissions). A 403 status code is more appropriate when the user is authenticated but lacks sufficient permissions.

When Is It Used?

Returned when an API request is missing authentication credentials or when the provided credentials are invalid. Common with APIs requiring API keys, Bearer tokens, or Basic authentication.

Example Response

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="api"
Content-Type: application/json

{"error": "unauthorized", "message": "Invalid or missing authentication token"}
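The 401/403 distinction and the WWW-Authenticate requirement from the description, as an added example that is not part of the original page. The token store, scope names and function names are hypothetical, and the `error="invalid_token"` attribute follows RFC 6750 for Bearer challenges.

```python
import hmac
import json

# Constructed sample token store: token -> (user, granted scopes). Hypothetical values.
TOKENS = {
    "tok-reader-123": ("alice", {"reports:read"}),
    "tok-admin-456": ("bob", {"reports:read", "reports:write"}),
}


def lookup_token(presented):
    """Return (user, scopes) for a known token, comparing in constant time."""
    match = None
    for known, identity in TOKENS.items():
        if hmac.compare_digest(known.encode(), presented.encode()):
            match = identity
    return match


def _deny(challenge, message):
    # Every 401 carries a WWW-Authenticate challenge for the resource.
    headers = {"WWW-Authenticate": challenge, "Content-Type": "application/json"}
    return 401, headers, json.dumps({"error": "unauthorized", "message": message})


def check_request(headers, required_scope, realm="api"):
    """Decide 200 / 401 / 403; returns (status, response_headers, body).

    Assumes `headers` is a dict keyed with canonical header casing.
    """
    challenge = f'Bearer realm="{realm}"'
    auth = headers.get("Authorization", "")
    if not auth:
        # No credentials supplied: bare challenge, no error attribute.
        return _deny(challenge, "Missing authentication token")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return _deny(challenge, "Malformed Authorization header")
    identity = lookup_token(token.strip())
    if identity is None:
        # Credentials were sent but refused: still an authentication failure.
        return _deny(challenge + ', error="invalid_token"', "Invalid authentication token")
    user, scopes = identity
    if required_scope not in scopes:
        # Identity is proven but permission is lacking: 403, and no challenge,
        # because new credentials for the same user would not help.
        body = {"error": "forbidden", "message": f"Scope {required_scope} required"}
        return 403, {"Content-Type": "application/json"}, json.dumps(body)
    return 200, {"Content-Type": "application/json"}, json.dumps({"user": user})
```

Keeping the 401 bodies generic, as here, avoids telling a caller whether a token was unknown, expired or revoked.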
