401 - Unauthorized - Well it should actually say unauthenticated. That is you have not provided/proven your identity or simply put you have not logged in. Can retry with proper credentials to get a 200 OK :D
403 - Forbidden - The server now know very well who you are (logged-in/authenticated) but won't give you what you are asking for because you are not authorized to know about it. No point in retrying unless you get your identity(User account) authorized for this information (that they are keeping from you ;) ).
Top comments (2)
So, If I as a user who wants to access another users data.... thats a 401 right ?
403 can be not being able to see for example "Settings" because you are not a admin user
Short and sweet, Thanks m8