401 Unauthorized
The request has not been applied because it lacks valid authentication credentials for the target resource.
The server generating a 401 response MUST send a WWW-Authenticate header field1 containing at least one challenge applicable to the target resource.
If the request included authentication credentials, then the 401 response indicates that authorization has been refused for those credentials. The user agent MAY repeat the request with a new or replaced Authorization header field2. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user agent SHOULD present the enclosed representation to the user, since it usually contains relevant diagnostic information.
- 1 WWW-Authenticate RFC7235 Section 4.1
- 2 Authorization RFC7235 Section 4.2
- Source: RFC7235 Section 3.1
401 Code References
-
.NET HTTP Status Enum
HttpStatusCode.Unauthorized -
Rust HTTP Status Constant
http::StatusCode::UNAUTHORIZED -
Rails HTTP Status Symbol
:unauthorized -
Go HTTP Status Constant
http.StatusUnauthorized -
Symfony HTTP Status Constant
Response::HTTP_UNAUTHORIZED -
Python2 HTTP Status Constant
httplib.UNAUTHORIZED -
Python3+ HTTP Status Constant
http.client.UNAUTHORIZED -
Python3.5+ HTTP Status Constant
http.HTTPStatus.UNAUTHORIZED
