{"id":16095,"date":"2025-07-24T17:25:41","date_gmt":"2025-07-24T15:25:41","guid":{"rendered":"https:\/\/surver.nl\/?post_type=kennisbank&p=16095"},"modified":"2025-07-30T09:44:40","modified_gmt":"2025-07-30T07:44:40","slug":"status-code-401","status":"publish","type":"kennisbank","link":"https:\/\/surver.nl\/en\/kennisbank\/statuscode-401\/","title":{"rendered":"What does status code 401 Unauthorized mean?"},"content":{"rendered":"
\"Status<\/figure>\n\n\n\n

A page is not loading. Not a \"404 page not found,\" but something else: 401 Unauthorized. The server answers, but no access. This is not a glitch or a broken link. This is a deliberate response: you're missing the right permissions, or rather, the right identifier.<\/p>\n\n\n\n

The 401 status code indicates that authentication is required, but it has not been provided or is invalid. Thus, it is not access that is explicitly denied (like a 403), but access that is not yet<\/em> is allowed. You are simply not logged in.<\/p>\n\n\n\n

What exactly does the 401 http status code say?<\/h2>\n\n\n\n

In technical terms, the server expects a valid Authorization header, but it is not present or is incorrect. In response, it sends:<\/p>\n\n\n\n

HTTP\/1.1 401 Unauthorized  <\/em><\/strong><\/p>\n\n\n\n

WWW-Authenticate: Basic realm=\"Login required\"<\/em><\/strong><\/p>\n\n\n\n

That WWW-Authenticate header is part of it. It is an invitation for the client to make itself known. As long as that step is missing, it will remain with a response 401: access denied because you are not logged in.<\/p>\n\n\n\n

How do you see such a 401 error message?<\/h2>\n\n\n\n

In the browser? Usually you get a message along the lines of:<\/p>\n\n\n\n

\"This page is not working - HTTP 401\"<\/em><\/strong><\/p>\n\n\n\n

Or you simply see \"401 Unauthorized\" on a blank screen. Sometimes a bare \"Access denied.\" And for API calls, you usually get a JSON saying \"error\": \"Unauthorized\" or \"code\": 401.<\/p>\n\n\n\n

It looks unspectacular, but it tells you exactly what you need to know: you requested something that requires authentication, and it was missing.<\/p>\n\n\n\n

Causes of a 401 error<\/h2>\n\n\n\n

A status code 401<\/strong> does not arise by accident. In practice, these are the most common causes:<\/p>\n\n\n\n

    \n
  • You are not logged in (yet), or your session has expired<\/li>\n\n\n\n
  • A token in the header is missing or has expired<\/li>\n\n\n\n
  • The server expects a specific login method (such as Basic or Bearer auth)<\/li>\n\n\n\n
  • A security layer or firewall blocks the request<\/li>\n\n\n\n
  • For APIs: the access token is invalid or not provided<\/li>\n<\/ul>\n\n\n\n

    Anything you query behind a secure layer, a user dashboard, an API endpoint, an admin environment, without proper credentials you will get back a 401 http.<\/p>\n\n\n\n

    How do you resolve error code 401?<\/h2>\n\n\n\n
    \"HTTP<\/figure>\n\n\n\n

    In a Web environment, it is often simple: re-logging in usually solves the problem.<\/p>\n\n\n\n

    With API traffic, it's more nuanced. There you have to check whether your request contains headers with the correct authentication, such as a Bearer token. If this is missing, or if the token has expired, an unrelenting status 401<\/strong>.<\/p>\n\n\n\n

    Sometimes it's something as simple as a plugin that demands additional authentication, or a redirect that interrupts the session. Working with tools like Postman or Insomnia will help you check step by step that your request is complete.<\/p>\n\n\n\n

    How can you recognize 401 status yourself?<\/h2>\n\n\n\n

    In your browser use the developer tools, tab Network<\/em>. There you will see the status code for each request, code 401<\/strong> is clearly visible, usually along with the corresponding header.<\/p>\n\n\n\n

    Do you prefer to use curl?<\/p>\n\n\n\n

    curl -I https:\/\/jouwdomein.nl\/beveiligd-endpoint<\/em><\/strong><\/p>\n\n\n\n

    If you then get HTTP\/1.1 401 Unauthorized returned, you know enough. The server will not accept your request without further identification.<\/p>\n\n\n\n

    Tools like Screaming Frog also nicely display error messages such as error code 401 when they run into secure areas of a site.<\/p>\n\n\n\n

    What makes status code 401 different from 403?<\/h2>\n\n\n\n

    This is often mixed up. Briefly:<\/p>\n\n\n\n

      \n
    • 401 status means: you are not logged in, so you may not enter yet<\/li>\n\n\n\n
    • 403 means: you are known but do not have permissions to see this<\/li>\n<\/ul>\n\n\n\n

      With an http 401, you can usually solve the problem by logging in or providing the correct headers. With a 403 it is more complicated: there you have to get permissions, or request access.<\/p>\n\n\n\n

      In conclusion<\/h2>\n\n\n\n

      A 401 status code is technically very clear: no access without identification. Whether you are working with an API, an admin environment or a login-only page, the error message points you exactly to the problem, you are missing the proper authentication.<\/p>\n\n\n\n

      It is a common mistake, but not something to be afraid of. On the contrary. Those who read it carefully know: the server is working as it should. Only you still have to show who you are.<\/p>","protected":false},"excerpt":{"rendered":"

      Een pagina laadt niet. Geen \u2018404 pagina niet gevonden\u2019, maar iets anders: 401 Unauthorized. De server geeft antwoord, maar geen toegang. Dit is geen storing of een kapotte link. Dit is een bewuste reactie: je mist de juiste rechten, of eigenlijk, de juiste identificatie. De 401 status code geeft aan dat er authenticatie nodig is, […]<\/p>\n","protected":false},"author":2,"featured_media":16096,"template":"","meta":{"_acf_changed":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}}},"kennisbank_categorieen":[64],"class_list":["post-16095","kennisbank","type-kennisbank","status-publish","has-post-thumbnail","hentry","kennisbank_categorieen-statuscodes"],"acf":[],"_links":{"self":[{"href":"https:\/\/surver.nl\/en\/wp-json\/wp\/v2\/kennisbank\/16095","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/surver.nl\/en\/wp-json\/wp\/v2\/kennisbank"}],"about":[{"href":"https:\/\/surver.nl\/en\/wp-json\/wp\/v2\/types\/kennisbank"}],"author":[{"embeddable":true,"href":"https:\/\/surver.nl\/en\/wp-json\/wp\/v2\/users\/2"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/surver.nl\/en\/wp-json\/wp\/v2\/media\/16096"}],"wp:attachment":[{"href":"https:\/\/surver.nl\/en\/wp-json\/wp\/v2\/media?parent=16095"}],"wp:term":[{"taxonomy":"kennisbank_categorieen","embeddable":true,"href":"https:\/\/surver.nl\/en\/wp-json\/wp\/v2\/kennisbank_categorieen?post=16095"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}