HTTP 401 Unauthorized

What Does HTTP 401 Mean?

HTTP 401 Unauthorized indicates that the request lacks valid authentication credentials. Despite its name, this status code is about authentication (who you are), not authorization (what you're allowed to do).

When a server returns 401, it includes a WWW-Authenticate header specifying the authentication scheme (Basic, Bearer, Digest, etc.). Browsers typically display a login dialog for Basic authentication. APIs return 401 when the access token is missing, expired, or invalid.

HTTP 401 means 'not authenticated' — the server doesn't know who you are. This is different from 403 (Forbidden), which means the server knows who you are but you don't have permission to access the resource.

Common Causes of 401 Unauthorized

Authentication is required but not provided or invalid. Common causes: missing Authorization header, expired access token, invalid API key, incorrect username/password, and revoked credentials.

The server includes a WWW-Authenticate header indicating the authentication scheme to use.

How to Fix 401 Unauthorized

For visitors: log in with valid credentials or obtain an API key. For developers: verify your Authorization header format, check that tokens haven't expired, refresh OAuth tokens if needed, and ensure API keys are correctly included in the request.

For API authentication, check the documentation for the correct authentication scheme (Bearer token, API key, Basic auth).

Related Status Codes

🔍 Check Your IP Address

While you're here, find out your public IP address, location, and ISP details instantly.