401 Unauthorized is a HTTP status code that indicates the client’s request lacks valid authentication credentials for the requested resource, therefore access is denied.

Here are some example scenarios that can trigger 401 Unauthorized:

  • Authentication Required: A 401 redirect indicates that a user has not authenticated and is not authorized to access the content. This may happen if anonymous users try to access protected pages that require login credentials.
  • Session Expired: A site may return a 401 if an authenticated user’s session has expired and they need to login again before continuing. This indicates the user’s access is no longer authorized.
  • Failed Login Attempt: If a user enters incorrect login credentials, the authentication fails and a 401 redirect may tell them access is not authorized with those details.
  • Token Expiration: APIs often use access tokens which can expire. Attempting a request with an expired token prompts a 401 to redirect the user to re-authenticate.
  • Insufficient Permissions: A formerly authorized user who no longer has permissions due to a change in roles or privileges may be issued a 401 until their access is updated.