Unauthorized
Production Risk
Moderate. It is a normal part of a secure application flow. However, if it appears unexpectedly, it could indicate a problem with the authentication system or client-side token management.
The client must authenticate itself to get the requested response. This status is similar to 403, but in this case, authentication is possible. The response must include a WWW-Authenticate header field containing a challenge applicable to the requested resource.
- A user tries to access a protected page without logging in.
- An API request is made without a valid API key or authentication token.
- An authentication token has expired or is invalid.
An application makes a request to a protected API endpoint without including the required 'Authorization' header.
GET /api/user/profile HTTP/1.1
Host: example.com
expected output
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer
Fix 1
Provide Authentication Credentials
WHEN Accessing a protected resource.
curl -H 'Authorization: Bearer <your_token>' https://api.example.com/user/profile
Why this works
Client-Side Request
Fix 2
Implement a Login Flow
WHEN A user is not authenticated.
Redirect the user to a login page to obtain credentials.
Why this works
Application Logic
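An added example (not code from this page): a client-side handler that reads the WWW-Authenticate challenge on a 401 and picks between the fixes above, flagging the unexpected case. It assumes one Bearer challenge per header and a server that reports rejected tokens with RFC 6750's error="invalid_token"; the function names and return labels are hypothetical.

```python
import re

# One auth-param: key=token or key="quoted string" (RFC 9110 auth-param syntax).
_PARAM = re.compile(r'([A-Za-z0-9_.~+-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')


def parse_challenge(header_value):
    """Split a single-challenge WWW-Authenticate value into (scheme, params)."""
    scheme, _, rest = header_value.strip().partition(" ")
    params = {}
    for key, quoted, bare in _PARAM.findall(rest):
        # Undo backslash escapes inside quoted strings; bare tokens pass through.
        params[key.lower()] = re.sub(r"\\(.)", r"\1", quoted) if quoted else bare
    return scheme.lower(), params


def classify_401(status, headers, sent_credentials):
    """Map a response to a next step; the labels are hypothetical names."""
    if status != 401:
        return "not-401"
    headers = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    challenge = headers.get("www-authenticate")
    if not challenge:
        return "malformed-401"       # 401 without the required challenge
    scheme, params = parse_challenge(challenge)
    if scheme != "bearer":
        return "unsupported-scheme"
    if params.get("error") == "invalid_token":
        return "refresh-token"       # token expired, revoked or malformed
    if not sent_credentials:
        return "authenticate"        # nothing sent: obtain a token or log in
    return "investigate"             # token sent, no reason given: unexpected 401


# Constructed sample responses (not captured from a real server).
SAMPLES = [
    (401, {"WWW-Authenticate": "Bearer"}, False),
    (401, {"WWW-Authenticate": 'Bearer realm="api", error="invalid_token", '
                               'error_description="The access token expired"'}, True),
    (401, {"WWW-Authenticate": 'Bearer realm="api"'}, True),
    (401, {}, True),
]

if __name__ == "__main__":
    for status, headers, sent in SAMPLES:
        print(status, headers.get("WWW-Authenticate"), "->",
              classify_401(status, headers, sent))
```

The "investigate" and "malformed-401" results are the ones worth logging and alerting on, since they correspond to a 401 appearing where the client believed it was authenticated.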
Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev