What is the difference between 401 and 403?

401 means you are not authenticated (not logged in), while 403 means you are authenticated but do not have permission to access the resource.

How do I fix a 401 error?

Include valid authentication credentials in your request. Check if your token or API key is expired, and ensure you are using the correct authentication scheme.

HTTP 401 Unauthorized — What It Means & How to Fix It

Error4xx client error

Overview

The HTTP 401 Unauthorized status code indicates the request requires authentication. The client must provide valid credentials to access the resource.

Key Details

Despite its name, 401 means unauthenticated, not unauthorized (which is 403).
The response should include a WWW-Authenticate header indicating the authentication method.
Common authentication schemes include Basic, Bearer (token), and Digest.
The client should retry the request with proper authentication credentials.
API keys, JWTs, or session cookies may be missing or expired.

Common Causes

No authentication credentials were provided in the request.
The provided API key, token, or session cookie is invalid or expired.
The Authorization header is malformed or uses an unsupported scheme.
A login session has timed out and needs to be refreshed.

Steps

1Check that you are including the correct authentication credentials in your request.
2Verify your API key or token has not expired.
3Ensure the Authorization header uses the correct scheme (Bearer, Basic, etc.).
4If using sessions, check if you need to log in again.
5Review the WWW-Authenticate response header for the expected authentication method.