401 Unauthorized
A 401 Unauthorized error means the request lacks valid authentication credentials for the target resource. Despite the name, this error is about authentication (proving who you are), not authorization (what you are allowed to do). For developers, it signals that the request did not include a valid token, API key, or session credential, or that the provided credentials have expired.
Common causes
- Missing Authorization header or API key in the request
- Access token or session cookie has expired and needs to be refreshed
- Incorrect username, password, or API key credentials supplied
- OAuth token was revoked or invalidated by the identity provider
- Authentication scheme mismatch, such as sending a Bearer token when Basic auth is expected
How to fix it
- Verify that the Authorization header is present and uses the correct scheme (Bearer, Basic, etc.)
- Refresh expired tokens using the refresh token flow or re-authenticate the user
- Double-check API keys and secrets for typos, and ensure they match the correct environment
- Confirm the token has not been revoked in your identity provider dashboard
- Check server logs to determine whether the credential was missing, malformed, or expired
Detect 401 Unauthorized errors with Checkend
Checkend monitors your application and alerts you when 401 errors occur, with full request context:
- Full request details (URL, headers, params)
- Server-side stack trace and error context
- Automatic grouping of similar errors
- Instant notifications when error rates spike
Related HTTP errors
A 403 Forbidden error means the server understood the request but refuses to authorize it. Unlike a ...
A 400 Bad Request error means the server cannot process the request because the client sent somethin...
A 429 Too Many Requests error means the user has sent too many requests in a given amount of time an...
Stop debugging HTTP errors in production
Get full error context and fix issues faster with self-hosted error tracking.