HTTP 401 Unauthorized means the request lacks valid authentication credentials. Despite its name, this status is about authentication (who are you?), not authorization (what are you allowed to do?). The server MUST include a WWW-Authenticate header indicating the authentication scheme(s) accepted. This is the gateway status for protected resources — before any authorization check, the server verifies identity.
Response includes the status code, standard headers (including Content-Type), and a small diagnostic JSON body describing the request and returned status.
Simulator URL (copy in the app after load — not a normal link):
https://httpstatus.com/api/status/401
Example request:
curl -i "https://httpstatus.com/api/status/401"