401 Unauthorized

The HTTP 401 Unauthorized client error response status code indicates that a request was not successful because it lacks valid authentication credentials for the requested resource. This status code is sent with an HTTP {{HTTPHeader("WWW-Authenticate")}} response header that contains information on the authentication scheme the server expects the client to include to make the request successfully.

A 401 Unauthorized is similar to the {{HTTPStatus("403", "403 Forbidden")}} response, except that a 403 is returned when a request contains valid credentials, but the client does not have permissions to perform a certain action.

Status

```http
401 Unauthorized
```

Examples

Unauthorized request to a protected API

The following GET request is made to a URL www.example.com/admin that expects credentials in an {{HTTPHeader("Authorization")}} header:

```http
GET /admin HTTP/1.1
Host: example.com
```

The server responds with a 401 message and a {{HTTPHeader("WWW-Authenticate")}} header indicating that the request must be authenticated and that Bearer auth (an access token) is the permitted authentication scheme:

```http
HTTP/1.1 401 Unauthorized
Date: Tue, 02 Jul 2024 12:18:47 GMT
WWW-Authenticate: Bearer
```
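
The 401 versus 403 decision described above, as a server-side sketch. This is an added example, not code from the original page; the token values, scope names and the `lookup` and `authorize` helpers are constructed for illustration, and the `error="invalid_token"` parameter comes from the Bearer scheme (RFC 6750), not from this page.

```python
import hmac

# Constructed sample data (assumption): access token -> granted scopes.
TOKENS = {
    "tok-admin-constructed": {"admin"},
    "tok-user-constructed": {"read"},
}


def lookup(token):
    """Return the scopes for a known token, or None if it is unknown."""
    found = None
    for known, scopes in TOKENS.items():
        # Constant-time comparison, and no early exit, so the response time
        # does not reveal how much of a guessed token matched.
        if hmac.compare_digest(known.encode(), token.encode()):
            found = scopes
    return found


def authorize(headers, required_scope):
    """Return (status, response_headers) for a request to a protected URL."""
    # HTTP header names are case-insensitive.
    normalized = {name.lower(): value for name, value in headers.items()}
    scheme, _, token = normalized.get("authorization", "").partition(" ")
    token = token.strip()

    # No Authorization header, or a scheme the server does not accept:
    # the request lacks valid credentials, so answer 401 with a challenge.
    if scheme.lower() != "bearer" or not token:
        return 401, {"WWW-Authenticate": "Bearer"}

    scopes = lookup(token)
    if scopes is None:
        # Credentials were sent but are not valid: still 401.
        return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}

    # Valid credentials, but no permission for this action: 403.
    if required_scope not in scopes:
        return 403, {}
    return 200, {}
```
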

Specifications

{{Specifications}}

See also

  • HTTP response status codes
  • HTTP authentication
  • {{Glossary("Challenge")}}
  • {{HTTPHeader("WWW-Authenticate")}}
  • {{HTTPHeader("Authorization")}}
  • {{HTTPHeader("Proxy-Authorization")}}
  • {{HTTPHeader("Proxy-Authenticate")}}
  • {{HTTPStatus("403")}}, {{HTTPStatus("407")}}