DEV Community

anjireddy k

Originally published at Medium

Difference between 401 (Unauthorized) and 403 (Forbidden) status codes

When building a REST API there is always confusion about when to respond with Unauthorized (401) and when to respond with Forbidden (403). If the team integrating against the API is not aware of the distinction, every error response becomes ambiguous: the client cannot tell whether it should re-authenticate and retry, or whether the request will never succeed with the credentials it has.

Unauthorized (401) status code

Respond with 401 when the request cannot be authenticated: no credentials were sent, the Authorization header is malformed, or the token is unknown, revoked, expired, or fails its signature check. Despite its name, 401 means "unauthenticated" rather than "unauthorized". A 401 response must carry a WWW-Authenticate header that tells the client which scheme to use (RFC 7235 requires it; for bearer tokens RFC 6750 adds error="invalid_token" and an error_description). So when a REST API responds with 401, the client's job is to verify whether its token is valid or expired, obtain a fresh one, and retry the request.

Forbidden (403) status code

Respond with 403 when authentication succeeded (the token is valid and the caller is known) but the caller does not have the privilege to perform this operation on the requested resource or endpoint, for example a read-only token calling a write endpoint. Retrying with the same credentials will not help, so a client should not treat 403 as a cue to re-authenticate. Two caveats: a 403 confirms that the resource exists, so where that fact is itself sensitive (one tenant probing another tenant's record identifiers) the server may answer 404 instead, which RFC 7231 explicitly allows; and returning 403 for an invalid or expired token is a common mistake that leaves clients unable to distinguish "refresh your token" from "you will never get this".
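The following is an added example, not code from the original post, showing how a bearer-token check can keep the two cases apart. It uses a constructed in-memory token table in place of a real token introspection call, a fixed clock so the run is deterministic, and hypothetical scope names (orders:read, orders:write); the error values in the WWW-Authenticate challenge follow RFC 6750, which maps invalid_token to 401 and insufficient_scope to 403.

```python
from dataclasses import dataclass

NOW = 1_700_000_000.0  # fixed clock (assumption) so the example is deterministic
REALM = "api"


@dataclass(frozen=True)
class TokenInfo:
    subject: str        # who the token was issued to
    expires_at: float   # unix time after which the token is no longer valid
    scopes: frozenset   # permissions the token carries


# Constructed token store standing in for a real introspection endpoint.
TOKENS = {
    "tok-reader": TokenInfo("alice", NOW + 3600, frozenset({"orders:read"})),
    "tok-admin": TokenInfo("bob", NOW + 3600, frozenset({"orders:read", "orders:write"})),
    "tok-expired": TokenInfo("carol", NOW - 60, frozenset({"orders:read"})),
}


def _challenge(error=None, description=None, scope=None):
    """Build a WWW-Authenticate value for the Bearer scheme (RFC 6750 section 3)."""
    parts = [f'realm="{REALM}"']
    if error:
        parts.append(f'error="{error}"')
    if description:
        parts.append(f'error_description="{description}"')
    if scope:
        parts.append(f'scope="{scope}"')
    return "Bearer " + ", ".join(parts)


def authorize(headers, required_scope, now=NOW, tokens=TOKENS):
    """Decide the response for a request; returns (status, response_headers, body).

    401 means "we could not establish who you are": no token, malformed header,
    unknown token, or expired token. The client should refresh and retry.
    403 means "we know who you are and the answer is no". Retrying with the
    same credentials is pointless, and the client should not re-login.
    """
    auth = headers.get("Authorization")
    if auth is None:
        # No credentials at all: 401 plus a challenge saying what to send.
        return 401, {"WWW-Authenticate": _challenge()}, {"error": "authentication_required"}

    scheme, _, token = auth.partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return (401, {"WWW-Authenticate": _challenge("invalid_request", "bearer token expected")},
                {"error": "invalid_request"})

    info = tokens.get(token)
    if info is None:
        return (401, {"WWW-Authenticate": _challenge("invalid_token", "unknown token")},
                {"error": "invalid_token"})
    if info.expires_at <= now:
        # Expired is still an authentication failure: the client can fix it by refreshing.
        return (401, {"WWW-Authenticate": _challenge("invalid_token", "token expired")},
                {"error": "invalid_token"})

    # Authentication succeeded; only now do we ask about permission.
    if required_scope not in info.scopes:
        return (403, {"WWW-Authenticate": _challenge("insufficient_scope", scope=required_scope)},
                {"error": "insufficient_scope", "subject": info.subject})

    return 200, {}, {"subject": info.subject, "scope": required_scope}


if __name__ == "__main__":
    for hdrs, scope in [({}, "orders:read"),
                        ({"Authorization": "Bearer tok-expired"}, "orders:read"),
                        ({"Authorization": "Bearer tok-reader"}, "orders:write"),
                        ({"Authorization": "Bearer tok-admin"}, "orders:write")]:
        status, resp_headers, body = authorize(hdrs, scope)
        print(status, resp_headers.get("WWW-Authenticate", ""), body)
```

The ordering matters: every authentication check runs before any permission check, so a caller with a bad token never learns whether the scope it asked for exists, and a caller with a good token never gets told to re-authenticate.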


Originally published at http://www.techmonks.org on July 15, 2020.
