401 - Unauthorized - Well it should actually say unauthenticated. That is you have not provided/proven your identity or simply put you have not logged in. Can retry with proper credentials to get a 200 OK :D
403 - Forbidden - The server now know very well who you are (logged-in/authenticated) but won't give you what you are asking for because you are not authorized to know about it. No point in retrying unless you get your identity(User account) authorized for this information (that they are keeping from you ;) ).