← all status codes

HTTP 401 Unauthorized

What a 401 Unauthorized response means, why it happens, and the fastest ways to fix it.

401
Unauthorized
4xx client error
Class

Authentication is required and has failed or wasn't provided. Despite the name, this is about authentication (who you are), not authorization.

  • Missing/expired/invalid token or API key.
  • Wrong auth scheme (Bearer vs Basic).
  • Clock skew invalidating JWT exp/nbf claims.
  • Check the Authorization header is actually sent (CORS blocks it cross-origin unless allowed).
  • Refresh or re-issue expired tokens.
  • Compare the WWW-Authenticate response header with what you send.

Notes

HTTP status codes are defined in RFC 9110 (which replaced RFC 7231). The first digit is the class: 1xx informational, 2xx success, 3xx redirection, 4xx client error, 5xx server error.

Same class: 400 · 403 · 404 · 405 · 408 · 409 · 410 · 412 · 413 · 415 · 418 · 422 · 425 · 429 · 431 · 451

All codes: HTTP status code reference

Frequently asked questions

What does HTTP 401 mean?

HTTP 401 Unauthorized: Authentication is required and has failed or wasn't provided. Despite the name, this is about authentication (who you are), not authorization.

How do I fix a 401 error?

Check the Authorization header is actually sent (CORS blocks it cross-origin unless allowed). Refresh or re-issue expired tokens. Compare the WWW-Authenticate response header with what you send.

Is a 401 my fault or the server's?

401 is a client error — the request itself needs to change, though server misconfiguration can also trigger it.

Found this useful? 113 free, browser-only tools by Yuvrajsinh Jadav — an engineer who ships production AI systems. No account, nothing sent anywhere.