HTTP 401 Unauthorized
Authentication is required and failed or wasn't provided.
What it means
401 is misnamed — it really means "unauthenticated." The request didn't include valid credentials (no token, expired token, invalid signature). The server is telling the client "I need you to identify yourself before I can decide if you have access."
Compare with 403: 401 means "I don't know who you are," 403 means "I know who you are and you don't have permission." If a request that previously worked starts returning 401, the most common cause is an expired or revoked token.
Common causes
- Expired or revoked access token
- Missing Authorization header
- Wrong signature or HMAC mismatch on a signed request
- Token issued for a different audience or scope
How to fix it
- 1Refresh the access token and retry
- 2Verify the Authorization header is being set (some tools strip headers)
- 3Check the token's expiry, audience, and scope claims
How Uptimera reports 401
Uptimera flags 401 as down. For monitors hitting authenticated endpoints, configure the monitor with the auth token in the request headers — and watch for token expiry as a recurring monitoring failure.
Catch 401s before your customers do
Uptimera monitors your URLs from multiple regions and alerts the moment a 401 starts firing. Free plan included.