HTTP Status Code 401 = “Unauthorized”
The request requires valid authentication credentials, but:
- no credentials were provided,
- the token/session is invalid,
- or authentication failed.
Common causes
- Missing login/auth token
- Expired JWT/API token
- Invalid username/password
- Wrong API key
- Expired session/cookies
- Incorrect `Authorization` header
Example
```http
HTTP/1.1 401 Unauthorized
```
Often returned with:
```http
WWW-Authenticate: Bearer
```
API example
Request without token
```http
GET /api/profile HTTP/1.1
```
Response
```http
HTTP/1.1 401 Unauthorized
```
Fixes for users
- Log in again
- Refresh expired session
- Check username/password
- Verify API token/key
- Clear browser cookies
Fixes for developers
1. Send Authorization header
Bearer token
```http
Authorization: Bearer YOUR_TOKEN
```
2. Axios example
```js
// `token` holds the current access token; the template literal builds the header value
axios.get('/api/user', {
  headers: {
    Authorization: `Bearer ${token}`
  }
});
```
3. PHP cURL
```php
// $ch is an existing cURL handle returned by curl_init()
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Authorization: Bearer TOKEN'
]);
```
4. Laravel protected route
```php
Route::middleware('auth:sanctum')->get('/user', function () {
    return auth()->user();
});
```
Difference between 401 and 403
| Code | Meaning |
|---|---|
| 401 | Authentication required/failed |
| 403 | Authenticated but forbidden |
Example
- 401 → “Please log in”
- 403 → “You cannot access this”
Common authentication types
- Bearer Token (JWT)
- API Key
- OAuth
- Basic Auth
- Session Cookies
Related HTTP status codes
| Code | Meaning |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Not Found |
| 419 | Page Expired |
| 429 | Too Many Requests |
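The 401 versus 403 distinction and the `WWW-Authenticate: Bearer` challenge described above, as an added server-side example (not code from the original page). The token store, the `profile:read` scope name, the `api` realm and the `authorize` function are assumptions made for illustration; the `error="invalid_token"` parameter follows RFC 6750.

```javascript
// Constructed token store for illustration; a real service would verify a
// JWT signature or look the token up in a session table or database.
const TOKENS = new Map([
  ["tok-alice", { user: "alice", scopes: ["profile:read"], expiresAt: 2000 }],
  ["tok-bob",   { user: "bob",   scopes: [],               expiresAt: 2000 }],
  ["tok-old",   { user: "carol", scopes: ["profile:read"], expiresAt: 500 }],
]);

// Build a 401 response; the challenge header tells the client how to authenticate.
function unauthenticated(challenge, message) {
  return { status: 401, headers: { "WWW-Authenticate": challenge }, body: { error: message } };
}

// Decide the status for a request that needs `requiredScope`.
// `headers` uses lower-case names, as Node's http module provides them.
function authorize(headers, requiredScope, now) {
  const value = headers["authorization"];
  // Scheme is case-insensitive; the token must be one non-empty b64token value.
  const match = value && /^Bearer +([A-Za-z0-9\-._~+\/]+=*)$/i.exec(value);
  // Missing header, wrong scheme or malformed value: no usable credentials.
  if (!match) return unauthenticated('Bearer realm="api"', "Please log in");

  const record = TOKENS.get(match[1]);
  // Unknown and expired tokens get the same answer: the caller is not
  // authenticated, and the response does not reveal which case applied.
  if (!record || record.expiresAt <= now) {
    return unauthenticated('Bearer realm="api", error="invalid_token"', "Token invalid or expired");
  }

  // Authenticated but not permitted: 403. Logging in again will not help.
  if (!record.scopes.includes(requiredScope)) {
    return { status: 403, headers: {}, body: { error: "You cannot access this" } };
  }
  return { status: 200, headers: {}, body: { user: record.user } };
}
```

A client can use the split to decide what to do next: refresh or re-authenticate on 401, and stop retrying on 403.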