401 Unauthorized

The HTTP 401 Unauthorized client error response status code indicates that a request was not successful because it lacks valid authentication credentials for the requested resource. This status code is sent with an HTTP WWW-Authenticate response header that contains information on the authentication scheme the server expects the client to include to make the request successfully.

A 401 Unauthorized is similar to the 403 Forbidden response, except that a 403 is returned when a request contains valid credentials, but the client does not have permissions to perform a certain action.

Status

401 Unauthorized

Examples

Unauthorized request to a protected API

The following GET request is made to a URL www.example.com/admin that expects credentials in an Authorization header:

GET /admin HTTP/1.1
Host: example.com

The server responds with a 401 message and a WWW-Authenticate header indicating that the request must be authenticated and that Bearer auth (an access token) is the permitted authentication scheme:

HTTP/1.1 401 Unauthorized
Date: 2024年7月02日 12:18:47 GMT
WWW-Authenticate: Bearer

Specifications

See also

• HTTP response status codes
• HTTP authentication
• Challenge
• WWW-Authenticate
• Authorization
• Proxy-Authorization
• Proxy-Authenticate
• 403, 407