Overview

You're not authorised to get the response.

Takeaways

  1. The request has not been applied because it lacks valid authentication credentials for the target resource.
  2. The server generating a 401 response must send a WWW-Authenticate header field containing at least one challenge applicable to the target resource.
  3. If the request included authentication credentials, then the 401 response indicates that authorization has been refused for those credentials.
  4. The user agent may repeat the request with a new or replaced Authorization header field.
  5. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user agent should present the enclosed representation to the user, since it usually contains relevant diagnostic information.

Information

This status code is similar to the 403 Forbidden status code, except that in situations resulting in this status code, user authentication can allow access to the resource.

Example

HTTP/1.1 401 Unauthorized
Date: Wed, 21 Oct 2015 07:28:00 GMT
WWW-Authenticate: Basic realm="Access to staging site"

Related

403 Forbidden

Nope, the server isn't let you have that.

407 Proxy Authentication Required

The client needs to authenticate itself in order to use a proxy.

Further Reading

Specification

401 Unauthorized | The HTTP Working Group

401 Unauthorized

MDN web docs

WWW-Authenticate header field

MDN web docs

Authorization header field

MDN web docs