DB / HTTP/Web / 401
WARNING
HTTP/Web Unauthorized
HTTP 401 indicates the request lacks valid authentication credentials for the target resource. The server requires authentication but either no credentials were provided or the provided credentials are invalid.
Common Causes
- Missing or invalid authentication headers (Authorization: Bearer token)
- Expired or revoked access tokens/API keys
- Incorrect username/password credentials
- Missing or invalid session cookies
- IP address or user agent restrictions in security policies
How to Fix
1 Verify Authentication Credentials
Check that valid credentials are being sent with the request. For APIs, ensure the Authorization header is properly formatted.
BASH
$ curl -v -H "Authorization: Bearer YOUR_TOKEN_HERE" https://api.example.com/resource 2 Check Token Expiration
Verify that access tokens or API keys haven't expired. Most tokens have a limited validity period.
BASH
$ # Decode JWT token to check expiration (requires jq)
echo "YOUR_JWT_TOKEN" | cut -d'.' -f2 | base64 -d 2>/dev/null | jq . 3 Test with Basic Authentication
If using Basic Auth, verify credentials work independently before integrating into your application.
BASH
$ curl -u username:password https://api.example.com/resource 4 Inspect HTTP Headers
Exact request headers being sent to identify missing or malformed authentication data.
BASH
$ curl -v -X GET https://api.example.com/resource 2>&1 | grep -E "(Authorization:|> GET|HTTP/)" 5 Check Server Authentication Configuration
Verify server-side authentication is properly configured, including allowed methods and required scopes.
BASH
$ # Check nginx/auth configuration
grep -r "auth" /etc/nginx/sites-enabled/
# Or check Apache configuration
grep -r "Auth" /etc/apache2/sites-enabled/