401 4xx RFC 9110 §15.5.2

Unauthorized

Authentication required or failed. Despite the name, this means 'unauthenticated'.

What HTTP 401 means

RFC 9110 §15.5.2. The server requires authentication and either none was provided or the credentials are invalid. Response must include WWW-Authenticate header. Often confused with 403 — 401 means 'who are you?', 403 means 'I know who you are, but you can't do this'.

Typical causes

Missing API key
Invalid token
Expired JWT
Wrong username/password
Missing Authorization header

401 across services

How 2 different errors map to HTTP 401 across the services we cover.

Anthropic

authentication_error — Invalid API Key

Stripe

api_key_invalid — Invalid API Key Provided