HTTP 401 Unauthorized
Authentication is required. The client must provide valid credentials.
Unauthorized
Authentication is required. The client must provide valid credentials.
What Causes HTTP 401?
- Missing or invalid API key or token
- Expired authentication credentials
- Missing Authorization header
- Invalid JWT or session token
- Basic authentication credentials are incorrect
Code Examples
See how HTTP 401 responses look in different programming languages and tools.
curl -X GET https://api.example.com/protected
# Without auth header
# Response: 401 Unauthorized
curl -X GET https://api.example.com/protected \
-H "Authorization: Bearer valid-token"
# Response: 200 OKHow to Fix HTTP 401
- Provide valid authentication credentials via Authorization header
- Check that API key or token has not expired
- Ensure Bearer token, Basic auth, or API key format is correct
- Redirect user to login page for web applications
- Refresh expired tokens and retry the request
Related Status Codes
The request was malformed or invalid. The server cannot process it.
The server understood the request but refuses to authorize it. Authentication won't help.
The requested resource could not be found on the server.
Rate limit exceeded. The client has sent too many requests in a given time period.
The server encountered an unexpected condition that prevented it from fulfilling the request.
Test Your APIs
Frequently Asked Questions
What does HTTP 401 mean?
Authentication is required. The client must provide valid credentials.
What causes HTTP 401?
Missing or invalid API key or token. Expired authentication credentials. Missing Authorization header. Invalid JWT or session token. Basic authentication credentials are incorrect
How to fix HTTP 401?
Provide valid authentication credentials via Authorization header. Check that API key or token has not expired. Ensure Bearer token, Basic auth, or API key format is correct. Redirect user to login page for web applications. Refresh expired tokens and retry the request