HTTP 401 Unauthorized

Plain-English meaning

The request lacks valid authentication credentials.

Why it happens

The server requires auth, but token, session, or signature is missing or invalid.

Common causes

  • Expired JWT or OAuth token
  • Authorization header dropped at proxy boundary
  • Wrong audience/issuer claims
  • Clock skew breaks signed token validation

What to check first

Inspect WWW-Authenticate header and auth middleware logs; verify token expiration, issuer, and scope.

How to fix it

Refresh or reissue credentials, fix token validation config, and preserve Authorization headers through proxies.

Example signal

GET /api/orders
Authorization: Bearer 
HTTP/1.1 401 Unauthorized

Related links

404 · 429 · 500 · 502 · 503 · 504 · Cloudflare 522 · Nginx 499 · ERR_CONNECTION_REFUSED

Client errors hub · Server errors hub · Comparison pages · Homepage