4×× CLIENT ERROR

401 UNAUTHORIZED

The request has not been applied because it lacks valid authentication credentials for the target resource.

The server generating a 401 response MUST send a WWW-Authenticate header field containing at least one challenge applicable to the target resource.

If the request included authentication credentials, then the 401 response indicates that authorization has been refused for those credentials. The user agent MAY repeat the request with a new or replaced Authorization header field. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user agent SHOULD present the enclosed representation to the user, since it usually contains relevant diagnostic information.

WWW-Authenticate RFC7235 Section 4.1

Authorization RFC7235 Section 4.2

401 UNAUTHORIZED Source: RFC7235 Section 3.1

 

401 CODE REFERENCES

Rails HTTP Status Symbol :unauthorized

Go HTTP Status Constant http.StatusUnauthorized

Symfony HTTP Status Constant Response::HTTP_UNAUTHORIZED

Python2 HTTP Status Constant httplib.UNAUTHORIZED

Python3+ HTTP Status Constant http.client.UNAUTHORIZED

Python3.5+ HTTP Status Constant http.HTTPStatus.UNAUTHORIZED

Recommended:

• 400 BAD REQUEST
• 308 PERMANENT REDIRECT