Back to HTTP Headers
Response

HTTP WWW-Authenticate Header

Indicates the authentication scheme that should be used to access the requested resource. Sent alongside 401 Unauthorized responses.

Purpose

Tells the client which authentication method to use when accessing a protected resource.

WWW-Authenticate: <type> realm=<realm> Example: WWW-Authenticate: Basic realm="Access to API" Example: WWW-Authenticate: Bearer realm="example", scope="read write"

Code Examples

See how to use the WWW-Authenticate header in different tools and languages.

curl -I https://api.example.com/protected
# HTTP/1.1 401 Unauthorized
# WWW-Authenticate: Bearer realm="api.example.com"

# Then authenticate:
curl -H "Authorization: Bearer token123" https://api.example.com/protected

Related Headers

Authorization

Contains credentials to authenticate the client with the server. Commonly used for Bearer tokens, Basic auth, and API keys.

Set-Cookie

Sends cookies from the server to the client. The client stores them and sends them back with subsequent requests via the Cookie header.

Test Your APIs

API Response Time Checker

Test your APIs and inspect response headers in real-time

HTTP Headers Reference

Complete reference of all HTTP request and response headers

www-authenticate headerhttp www-authenticatehttp headers guide