401 Unauthorized HTTP Status Code

Description

HTTP status code 401 is defined as "Unauthorized". It indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. The response is sent alongside a WWW-Authenticate header, which carries the challenge describing how to authenticate. A 401 is different from 403 Forbidden, which means the server understood the request but refuses to authorize it. If the request already included authentication credentials, then the 401 response indicates that authorization has been refused for those credentials. In the context of HTTP, "unauthorized" technically means "unauthenticated": authentication is required and has thus far been refused or not provided.

Status

HTTP
401 Unauthorized

Common Causes

Here are some common causes for receiving a 401 status code:

  1. Missing Authentication Credentials: The request did not include any authentication credentials. This is often the case when accessing a resource that requires a user to be logged in, but the user has not provided login credentials.

  2. Invalid Credentials: The authentication credentials provided (e.g., username and password) are incorrect. This can happen if the user mistypes their password or uses the wrong authentication method.

  3. Expired Token: Many modern web APIs use tokens (such as JWT tokens) for authentication. If the token has expired or is no longer valid, the server will respond with a 401 status code.

  4. Insufficient Permissions: The user might be authenticated but does not have the necessary permissions to access the requested resource. Although 403 Forbidden is the status code intended for authorization failures, some servers still respond with a 401 in this case.

  5. Authentication Method Not Supported: The server does not support the authentication method used in the request. For example, if a server requires Basic Authentication but receives credentials in a different format, it may respond with a 401.

  6. Session Timeout: For web applications that rely on sessions, a session timeout due to inactivity might result in a 401 response when the user attempts to access resources after the timeout period has elapsed.

  7. Configuration Errors: Misconfiguration of the server or the authentication mechanism (e.g., incorrect settings in the .htaccess file for Apache servers) can also lead to 401 errors.

To resolve a 401 error, one needs to ensure that valid authentication credentials are provided with the request and that the authentication method matches what the server expects. Additionally, checking for any session expirations or permissions issues can help in diagnosing the problem.
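The diagnosis steps above as an added Python example, not part of the original page: it parses the challenges in a WWW-Authenticate header and maps a 401 onto the causes in the list. The function names and sample header are constructed for illustration; the `invalid_token` error code comes from RFC 6750 (Bearer tokens), which the page itself does not cover.

```python
import re

# One comma-separated item; commas inside a quoted-string do not split it.
ITEM = re.compile(r'(?:[^,"]|"(?:[^"\\]|\\.)*")+')
PARAM = re.compile(r'^([^\s=]+)\s*=\s*(.*)$', re.S)   # auth-param: name=value

def parse_challenges(header):
    """Return [(scheme, {param: value})] from a WWW-Authenticate value.
    Assumption: token68 challenges (e.g. Negotiate blobs) are out of scope."""
    challenges = []
    for part in (p.strip() for p in ITEM.findall(header)):
        m = PARAM.match(part)
        if part and not m:                  # "Scheme [param=value]" opens a challenge
            scheme, _, rest = part.partition(" ")
            challenges.append((scheme.lower(), {}))
            m = PARAM.match(rest.strip())
        if m and challenges:
            val = m.group(2).strip()
            if len(val) >= 2 and val[0] == val[-1] == '"':
                val = re.sub(r"\\(.)", r"\1", val[1:-1])   # strip quotes, unescape
            challenges[-1][1][m.group(1).lower()] = val
    return challenges

def diagnose_401(www_authenticate, sent_authorization=None):
    """Map a 401 response onto the common causes listed above."""
    challenges = parse_challenges(www_authenticate or "")
    if not challenges:
        return "401 without a WWW-Authenticate challenge: check server configuration"
    offered = ", ".join(scheme for scheme, _ in challenges)
    if not (sent_authorization or "").strip():
        return "missing credentials; server offers " + offered
    sent = sent_authorization.split()[0].lower()   # scheme only, never the secret
    params = dict(challenges).get(sent)
    if params is None:
        return "method not supported: sent " + sent + "; server offers " + offered
    if params.get("error") == "invalid_token":     # RFC 6750 Bearer error code
        return "token expired or invalid: " + params.get("error_description", "no detail")
    return "credentials rejected for " + sent

if __name__ == "__main__":
    # Constructed sample header and token, not captured from a real server.
    hdr = 'Basic realm="Staging, EU", Bearer realm="api", error="invalid_token"'
    print(diagnose_401(hdr, "Bearer constructed.sample.token"))
```

Only the scheme of the Authorization value is read, so the credential itself never has to appear in the diagnostic output or in logs.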

Browser Support

The following table shows the current browser support for the 401 Unauthorized HTTP status code.

Desktop

Edge    Chrome    Firefox    Opera    Safari
Yes     Yes       Yes        Yes      Yes

Tablets / Mobile

Chrome    Firefox    Opera    Safari    Samsung    Webview
Yes       Yes        Yes      Yes       Yes        Yes

Last updated by CSSPortal on: 1st April 2024