
401 Unauthorized (HTTP Status Code 401)

Updated: at 09:12 AM

HTTP status code 401 indicates that the requested resource requires authentication. If the client fails to provide valid authentication credentials or if the provided credentials cannot be verified by the server, the server will return this status code.

The 401 status code is typically associated with the following situations:

When the server returns a 401 status code, it typically includes a WWW-Authenticate field in the response header, indicating how to authenticate. This field may contain an authentication scheme (such as Basic or Digest) along with any parameters needed for authentication.

For example, the server might send the following response:

HTTP/1.1 401 Unauthorized
Content-Type: text/html
Content-Length: 281
WWW-Authenticate: Basic realm="Access to the staging site"

<html>
<head><title>Authentication Required</title></head>
<body>
<h1>Authentication Required</h1>
<p>You need to provide a valid username and password to access this resource.</p>
</body>
</html>

In this example, the status code 401 indicates that access is denied due to the lack of valid authentication information. The WWW-Authenticate header indicates that the client needs to use the Basic authentication scheme and provides a protected realm named “Access to the staging site.”

When the client receives a 401 response, it should prompt the user to enter the correct authentication information (such as a username and password) and then resend the request using the appropriate authentication scheme.

It is important to note that the Basic authentication scheme only Base64-encodes the username and password; it does not encrypt them. For that reason, Basic credentials should be sent over HTTPS (rather than HTTP) to prevent them from being intercepted.
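The following Python sketch is an added example, not code from the original page: it parses the WWW-Authenticate challenge from the response above, builds the Basic Authorization value a client would resend, and refuses to do so for a non-HTTPS URL. The parser handles a single challenge per header value; the host `staging.example`, the credentials, and the function names are constructed for illustration.

```python
import base64
import re
from urllib.parse import urlsplit

# Header value copied from the 401 response shown on this page.
SAMPLE_CHALLENGE = 'Basic realm="Access to the staging site"'

# name=token or name="quoted string" pairs, per the auth-param grammar.
_PARAM = re.compile(r'([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')


def parse_challenge(value):
    """Split a single-challenge WWW-Authenticate value into (scheme, params)."""
    scheme, _, rest = value.strip().partition(" ")
    params = {}
    for name, quoted, token in _PARAM.findall(rest):
        # Undo backslash escapes inside quoted strings; bare tokens pass through.
        params[name.lower()] = token or re.sub(r"\\(.)", r"\1", quoted)
    return scheme.lower(), params


def basic_authorization(url, challenge, username, password):
    """Build the Authorization value answering a Basic challenge.

    Raises ValueError rather than sending credentials over plain HTTP.
    """
    scheme, _params = parse_challenge(challenge)
    if scheme != "basic":
        raise ValueError(f"unsupported authentication scheme: {scheme!r}")
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send Basic credentials without HTTPS")
    if ":" in username:
        raise ValueError("a Basic username cannot contain ':'")
    # Assumption: UTF-8 is used for the user:password octets.
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic(header_value):
    """Recover user:password from an Authorization value (encoding, not encryption)."""
    return base64.b64decode(header_value.split(" ", 1)[1]).decode("utf-8")


if __name__ == "__main__":
    print(parse_challenge(SAMPLE_CHALLENGE))
    # Constructed host and credentials, for illustration only.
    header = basic_authorization("https://staging.example/", SAMPLE_CHALLENGE, "alice", "s3cret")
    print(header, "->", decode_basic(header))
```

`decode_basic` needs no key or secret to reverse the header, which is why the HTTPS check sits in the function that produces it.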