Difference between 401 (Unauthorized) and 403(Forbidden) status codes

Anji…
1 min read · Jul 15, 2020

When building a REST API there is often confusion about when to respond with Unauthorized (401) and when to respond with Forbidden (403). If the integrating team is not aware of the distinction between these status codes, it causes ambiguity when dealing with the REST APIs.

Unauthorized (401) status code

This is the status code to use when the token is invalid, or when the API cannot identify or authenticate the user making the request. When a REST API responds with a 401 status code, the client should verify whether the token it sent is valid or has expired.

Forbidden (403) status code

This is the status code to use when the token is valid (the user is authenticated) but the user does not have the privilege to access the requested resource or endpoint.
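The following added example (not from the original post) shows the two checks in the order a server should apply them: first authentication, which yields 401 for a missing, unknown or expired token, and only then authorization, which yields 403 for a known user lacking the required role. The token store, the `REQUIRED_ROLE` policy and the `authorize` function are constructed for this illustration.

```python
import time
from typing import Optional, Tuple

# Constructed sample token store: token -> (subject, expiry as epoch seconds, roles)
TOKENS = {
    "tok-alice": ("alice", time.time() + 3600, {"reader", "admin"}),
    "tok-bob":   ("bob",   time.time() + 3600, {"reader"}),
    "tok-stale": ("carol", time.time() - 60,   {"admin"}),   # already expired
}

# Hypothetical endpoint policy: path -> role required to access it
REQUIRED_ROLE = {
    "/reports": "reader",
    "/admin/users": "admin",
}

def authorize(path: str, auth_header: Optional[str]) -> Tuple[int, dict]:
    """Return (status_code, response_headers) for a request.

    Ordering matters: authentication (401) is decided before
    authorization (403), so an unauthenticated caller never learns
    whether a resource exists or which role protects it.
    """
    # RFC 7235 requires a WWW-Authenticate header on every 401 response,
    # so the client knows which scheme to retry with.
    challenge = {"WWW-Authenticate": 'Bearer realm="api"'}

    # 1. Authentication: no token, unknown token or expired token -> 401.
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401, challenge
    token = auth_header[len("Bearer "):]
    entry = TOKENS.get(token)
    if entry is None:
        return 401, challenge
    subject, expires_at, roles = entry
    if time.time() >= expires_at:
        return 401, challenge

    # 2. Authorization: identity is established; check privilege -> 403.
    needed = REQUIRED_ROLE.get(path)
    if needed is None:
        return 404, {}          # unknown endpoint, not a privilege question
    if needed not in roles:
        return 403, {}          # authenticated, but not allowed here
    return 200, {"X-Subject": subject}
```

Note that the expired token is reported as 401 even though its owner holds the admin role: a token the server cannot trust never reaches the privilege check.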


Originally published at http://www.techmonks.org on July 15, 2020.
