What class of response is HTTP 401?

HTTP 401 is a 4xx Client Error response. These indicate a client-side error.

How do I fix HTTP 401 Unauthorized?

HTTP 401 is a client error. Verify the request URL, method, headers, and body are correct. Consult the API documentation for the endpoint.

Is HTTP 401 an error?

Yes, HTTP 401 is an error — specifically a 4xx Client Error code.

HTTP 401 Unauthorized: What It Means and When You See It

Quick Answer

HTTP 401 Unauthorized means authentication is required and has failed or not been provided. Despite the name, it means unauthenticated — use 403 for authenticated-but-forbidden.

401 vs 403: Authentication vs Authorization

HTTP 401 means the client is not authenticated - no credentials provided or credentials are invalid. The response includes a WWW-Authenticate header specifying the authentication scheme (Bearer, Basic, Digest). HTTP 403 Forbidden means the client is authenticated (the server knows who they are) but does not have permission. A logged-in user accessing another user's private data gets 403. An unauthenticated user gets 401. Correct usage: wrong password -> 401. Correct password, wrong role -> 403. Missing Authorization header -> 401. Valid token, expired -> 401. Valid token, wrong scope -> 403.

Debugging HTTP 401

Check the WWW-Authenticate response header - it tells you the expected authentication scheme. Common causes: (1) Missing Authorization header - add Authorization: Bearer {token} to your request. (2) Expired token - refresh the access token using your refresh token. (3) Invalid token - re-authenticate to get a new token. (4) Token sent in wrong format - Bearer tokens need the "Bearer " prefix. (5) Clock skew - JWT exp validation fails if server and client clocks differ by more than a few minutes. In curl: curl -H "Authorization: Bearer YOUR_TOKEN" https://api.example.com/endpoint.

Implementing 401 in APIs

Express.js middleware: function requireAuth(req, res, next) { const auth = req.headers.authorization; if (!auth?.startsWith("Bearer ")) return res.status(401).set("WWW-Authenticate", "Bearer realm=api").json({ error: "Unauthorized" }); const token = auth.slice(7); try { req.user = jwt.verify(token, SECRET); next(); } catch { return res.status(401).json({ error: "Token invalid or expired" }); } }. FastAPI: raise HTTPException(status_code=401, headers={"WWW-Authenticate": "Bearer"}, detail="Invalid credentials"). Always include the WWW-Authenticate header on 401 responses per RFC 7235.

Try the interactive tool

Convert any value instantly — no sign-up required

Open tool →

Frequently Asked Questions

Related Values

100

HTTP 100 Continue means the server has received the request headers and the client should proceed to send the request body. It is an interim response used to inform the client to continue.

101

HTTP 101 Switching Protocols indicates the server is switching to the protocol specified in the Upgrade header field. Commonly used when upgrading to WebSocket connections.

200

HTTP 200 OK is the standard success response. The request has succeeded and the server has returned the requested resource in the response body.

201

HTTP 201 Created means the request succeeded and a new resource was created as a result. The Location header typically points to the new resource URL.