HTTP Status Code
401 Unauthorized
Client Error
Authentication is required and the current request does not include valid credentials.
HTTP status code reference, response example, common causes, fixes, and related status codes.
What does HTTP 401 Unauthorized mean?
HTTP 401 Unauthorized is a status code a server sends when a request requires authentication and does not include valid credentials.
Status codes help browsers, APIs, apps, and backend systems understand whether a request succeeded, failed, was redirected, or needs additional action.
In practice, HTTP 401 Unauthorized usually appears when a protected endpoint receives a request with a missing token, an expired access token, or invalid credentials.
Response example
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer
HTTP example
HTTP/1.1 401 Unauthorized
Relevant headers
WWW-Authenticate
WWW-Authenticate: Bearer
Authorization
Authorization: Bearer YOUR_TOKEN
Common causes
- Missing token
- Expired access token
- Invalid credentials
How to fix it
- Send valid authentication credentials
- Refresh the token if it expired
- Check auth middleware configuration
Common mistakes
- Assuming the status code alone explains the full backend issue
- Ignoring related response headers that add important context
- Treating temporary errors as permanent failures
- Retrying too aggressively without checking the cause
- Debugging the frontend only when the problem is server-side
How browsers and APIs use it
Browsers, APIs, and backend services use HTTP status codes to understand the outcome of a request. Depending on the status code, an application may render content, retry a request, redirect the user, show an error, or trigger a different flow in the client or server.
Developer note
HTTP 401 means the client is not properly authenticated. In API work, this often points to missing or expired bearer tokens.
Client-side example
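// `token` is the access token the client currently holds.
const response = await fetch("/api/private", {
  headers: {
    Authorization: "Bearer " + token,
  },
});
if (response.status === 401) {
  // Credentials were missing, expired, or invalid.
  console.log("User must log in again");
}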
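The client-side check above can be extended so that it reads the WWW-Authenticate header before deciding what to do, and retries at most once. This is an added example, not code from the original page. The names `parseChallenge`, `next401Action`, `fetchWithAuth`, `refreshToken` and `fetchImpl` are hypothetical, and it assumes the server reports expired tokens with the RFC 6750 `error="invalid_token"` parameter.

```javascript
// Parse a single challenge such as: Bearer realm="api", error="invalid_token"
// (simplification: a header carrying several challenges is not split here)
function parseChallenge(header) {
  if (!header) return null;
  const m = /^\s*([A-Za-z0-9._~+-]+)(?:\s+(.*))?$/.exec(header);
  if (!m) return null;
  const params = {};
  // auth-params are key=value pairs; values are quoted strings or bare tokens
  const re = /([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))/g;
  let p;
  while ((p = re.exec(m[2] || "")) !== null) {
    params[p[1].toLowerCase()] =
      p[2] !== undefined ? p[2].replace(/\\(.)/g, "$1") : p[3];
  }
  return { scheme: m[1].toLowerCase(), params };
}

// Decide how to react to a 401: "refresh", "login" or "fail".
function next401Action(header, alreadyRetried) {
  const c = parseChallenge(header);
  if (!c || c.scheme !== "bearer") return "fail"; // no challenge this client can answer
  if (alreadyRetried) return "login";             // never loop on repeated 401s
  // RFC 6750: invalid_token covers expired, revoked or malformed tokens
  if (c.params.error === "invalid_token") return "refresh";
  return "login";                                 // bare challenge: treat as not logged in
}

// refreshToken and fetchImpl are hypothetical hooks supplied by the caller.
async function fetchWithAuth(url, token, refreshToken, fetchImpl = fetch) {
  let retried = false;
  for (;;) {
    const res = await fetchImpl(url, {
      headers: { Authorization: "Bearer " + token },
    });
    if (res.status !== 401) return { action: "ok", response: res };
    const action = next401Action(res.headers.get("WWW-Authenticate"), retried);
    if (action !== "refresh") return { action, response: res };
    token = await refreshToken(); // one refresh, then exactly one retry
    retried = true;
  }
}
```

Treating a bare `Bearer` challenge as "login" is a policy choice in this example; servers that omit the `error` parameter for expired tokens would need a different rule.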