HTTP Errors

What Is the 401 Status Code? (Unauthorized)

By the Scrappey Research Team

HTTP 401 Unauthorized means the server doesn't know who you are because your request didn't include valid login credentials. Think of it as a doorman asking "who are you?" — you haven't shown ID yet. This is different from a 403, where the doorman knows you and still won't let you in. A 401 response usually includes a WWW-Authenticate header that names the login method the server expects (Basic, Bearer, etc.). You'll also see it written as "HTTP 401" or just "401 error" / "401 status code."

Quick facts

Status code: 401
Meaning: Unauthorized
Category: 4xx Client Error
Common causes (scraping): Missing/expired token, wrong API key, no session cookie
Right response: Fix the request / retry with backoff; for disguised blocks use a real-browser unblock

What a 401 Unauthorized means

A 401 means the server can't identify you — you haven't proven who you are. That's the key difference from a 403, where the server already knows you but still refuses. The response usually carries a WWW-Authenticate header naming the login scheme the server wants: Basic (username/password), Bearer (a token), and so on. In short: a 401 status code means the request is missing valid authentication credentials.

Why scrapers see 401

Scrapers hit a 401 when the page or API requires you to be logged in. Common causes: a missing or expired session cookie (the small token that proves you already logged in), an absent or wrong API key / Bearer token, or a login step the scraper never completed. Some sites also return a 401 instead of a 403 when an anti-bot layer decides the caller isn't a logged-in human.

How to fix a 401 error

Give the server the credentials it legitimately asks for: refresh an expired token or add the API key header it expects. More often for scrapers, a 401 on a public page is a bot block in disguise — handle it like a 403: send realistic headers, use a clean residential IP, and present a real-browser fingerprint via Web Access API.
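An added example, not code from the original page: a small Python parser for the WWW-Authenticate header that separates a genuine authentication challenge (and what it asks for) from a 401 that carries no challenge at all. The function names, the action labels and the sample header are assumptions made for this illustration.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"((?:[^"\\]|\\.)*)"'
PARAM = re.compile(rf"({TOKEN})\s*=\s*(?:{QUOTED}|({TOKEN}))\s*$")
SCHEME = re.compile(rf"({TOKEN})(?:\s+(.+))?$", re.S)
PIECE = re.compile(r'(?:[^,"]|"(?:[^"\\]|\\.)*")+')  # split on commas outside quotes

def _add_param(challenge, m):
    quoted, bare = m.group(2), m.group(3)
    value = bare if quoted is None else re.sub(r"\\(.)", r"\1", quoted)
    challenge["params"][m.group(1).lower()] = value

def parse_challenges(header_value):
    """Parse a WWW-Authenticate value into [{'scheme': ..., 'params': {...}}]."""
    challenges = []
    for part in (p.strip() for p in PIECE.findall(header_value)):
        m = PARAM.match(part)
        if m and challenges:          # bare name=value continues the current challenge
            _add_param(challenges[-1], m)
            continue
        s = SCHEME.match(part)
        if not s:
            continue                  # malformed fragment, ignore it
        challenges.append({"scheme": s.group(1).lower(), "params": {}})
        m = PARAM.match((s.group(2) or "").strip())
        if m:
            _add_param(challenges[-1], m)
    return challenges

def diagnose_401(headers):
    """Suggest a next step for a 401; the action labels are this example's own."""
    raw = {k.lower(): v for k, v in headers.items()}.get("www-authenticate")
    if not raw:
        return "no-challenge", []     # RFC 9110 requires this header on a 401
    found = parse_challenges(raw)
    bearer = next((c for c in found if c["scheme"] == "bearer"), None)
    if bearer and bearer["params"].get("error") == "invalid_token":
        return "refresh-token", found # RFC 6750: expired, revoked or malformed token
    if bearer:
        return "send-bearer-token", found
    if any(c["scheme"] == "basic" for c in found):
        return "send-basic-credentials", found
    return "unsupported-scheme", found

# Constructed sample header, not captured from a real server.
SAMPLE = {"WWW-Authenticate": 'Bearer realm="api", error="invalid_token", '
                              'error_description="The access token expired"'}
```

A "no-challenge" result means the response did not follow the standard authentication flow, so resending credentials is unlikely to change the outcome.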

Related terms

What Is the 403 Status Code (403 Forbidden Error)?
HTTP 403 Forbidden means the server understood your request but refuses to answer it. The difference from 401 is simple: 401 means "we don't…
What Is the 429 Status Code (429 Error)?
HTTP 429 Too Many Requests is the status code a server returns when a client has sent more requests in a given window than the server's rate…
What Is the 503 Status Code (503 Service Unavailable Error)?
HTTP 503 Service Unavailable means the server can't handle your request right now — usually because it's overloaded, under maintenance, or d…
What Is the 499 Status Code (499 Error)?
HTTP 499 Client Closed Request is a non-standard status code, logged by Nginx (and CDNs like Cloudflare) when the client closes the connecti…
What Is Cloudflare Error 1015?
Cloudflare error 1015 "You are being rate limited" means a website is blocking you because you sent too many requests too quickly. The site …
What Is a 200 Status Code?
HTTP 200 OK is the standard "success" status code: the server got your request, handled it, and sent back the response you expected. For a G…
What Is the 406 Status Code (406 Not Acceptable)?
HTTP 406 Not Acceptable means the server can't return content matching your Accept headers. When you make a request, your client sends "Acce…
What Is the 451 Status Code (451 Unavailable For Legal Reasons)?
HTTP 451 "Unavailable For Legal Reasons" means a server is refusing to give you a page because the law — not a technical problem — says it c…
How to Use Basic Auth with curl
To send HTTP Basic Authentication with curl, use the -u (or --user) flag: curl -u username:password https://example.com. curl Base64-encodes…

Frequently asked questions

Is 401 a client or server error?

It's a client-side (4xx) error, meaning the problem is in your request — the server is pointing at something you sent (or failed to send).

Does a 401 mean I'm blocked when scraping?

Not necessarily. A 401 points at your request, not a ban. But anti-bot layers sometimes return it instead of a 403, so check the response body and headers to see which case you're in.

How do I fix a 401 error?

The cause is always the same: your request lacks valid authentication credentials. So the fix is to supply them — correct the missing or wrong part of the request (token, cookie, or API key), then retry.

What's the difference between 401 and 403?

A 401 Unauthorized means you haven't proven who you are — provide credentials and retry. A 403 Forbidden means the server knows you (or doesn't need to) but still won't allow it. For scraping that doesn't involve logging in, 403 is usually the one you'll run into.

Last updated: 2026-05-31