401 Unauthorized
Authentication is required and has failed or has not yet been provided.
Explanation
The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. The server MUST send a WWW-Authenticate header field containing at least one challenge applicable to the target resource.
If the request included authentication credentials, the 401 response indicates that authorization has been refused for those credentials. The client MAY repeat the request with new or different credentials.
Note that despite the name "Unauthorized", this status code actually means "Unauthenticated" - the client has not provided valid authentication. Status code 403 (Forbidden) is used when the client is authenticated but doesn't have permission to access the requested resource.
Example Response
HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="Access to the production API" Content-Type: text/html <html> <head> <title>Unauthorized</title> </head> <body> <h1>Unauthorized</h1> <p>This server could not verify that you are authorized to access the document requested.</p> </body> </html>
Related Status Codes
Check where URLs redirect to with our free URL redirect checker.
Check URL Redirects