Error fix
How to fix “401 Unauthorized”
Authentication failed or was missing—bad credentials, expired token, or wrong auth scheme.
Updated Apr 20, 2026
Tools that help with this
Fastest fix
Start here first. Step 1 fixes most cases—then work down the list.
- Re-login or refresh tokens using the app’s documented flow.
- Verify API keys and that secrets match the target environment.
- Check reverse proxies forward Authorization and Cookie headers.
What this means
The server expects a valid identity for this resource. Until auth succeeds, access is denied.
Common causes
Expired sessions
JWT expiry, rotated API keys, or clock skew.
Wrong scheme
Bearer vs Basic, missing Authorization header, or CORS preflight stripping headers.
Step-by-step fix
Restore valid auth
- Re-login or refresh tokens using the app’s documented flow.
- Verify API keys and that secrets match the target environment.
- Check reverse proxies forward Authorization and Cookie headers.
Related
Also see: 401 — browse the HTTP status hub.
FAQ
- 401 vs 403?
- 401 means authenticate; 403 means authenticated but not allowed.
- 401 on APIs only in browser?
- CORS may hide headers—test with curl and compare preflight.
- Intermittent 401?
- Look for token refresh races and short access token lifetimes.
Fix related issues
Still stuck? Try these related fixes next.
- Kubernetes CrashLoopBackOffThe container exits repeatedly—check logs, probes, and resource limits.
- Heroku H10 — app crashedThe web process exited; Heroku serves an error page. Logs show the real exception.
- Netlify — page not foundThe deploy exists but no asset matches the path—often SPA routing or a missing file in publish dir.
- Vercel — deployment not foundThe deployment URL or project alias does not exist or was removed.
- Cloudflare 525 — SSL handshake failedCloudflare could not complete TLS with your origin—cert mismatch, wrong port, or TLS version.
Edit your error
Tweak the message and run again—we'll match an existing fix or generate a new page.
Original error message
401 Unauthorized