401
Unauthorized
The request lacks valid authentication credentials. The server requires the client to authenticate before accessing the resource. Despite the name, this is about authentication (who you are), not authorization (what you can do).
What does HTTP 401 mean?
The request lacks valid authentication credentials. The server requires the client to authenticate before accessing the resource. Despite the name, this is about authentication (who you are), not authorization (what you can do).
Common causes
- 1
No authentication token, API key, or session cookie was included in the request.
- 2
The token or credentials have expired. JWTs, OAuth tokens, and session cookies all have expiration times.
- 3
The API key or Bearer token is malformed, revoked, or belongs to a different environment (e.g., using a staging key in production).
How to fix it
- 1
Include valid credentials in the request. For APIs, add an Authorization header (e.g., Authorization: Bearer <token>).
- 2
If the token expired, refresh it. For OAuth, use the refresh token flow. For sessions, redirect the user to log in again.
- 3
Verify you are using the correct API key for the environment. Check that the key has not been rotated or revoked.
Monitor for HTTP 401 errors
Uptrack can monitor authenticated endpoints by including custom headers in its checks. If your auth system breaks and valid tokens get rejected, Uptrack catches the 401 spike immediately.
Catch HTTP errors before your users do
20 monitors free — 10 at 30s, 10 at 1min. No credit card required.
Start Monitoring Free