HTTP 401 vs. 403

// Jun 11, 2015

So today I understood the difference between the 401 and 403 HTTP status codes, which are commonly mistaken for the same response. Here’s the distinguishing difference.

HTTP 401 (Unauthorized)

This is the server saying “You are either unauthenticated or authenticated incorrectly”, and therefore access to the content is blocked until the client is authorized.

HTTP 403 (Forbidden)

This is the server saying “I know who you are, you are authenticated, however you don’t have the correct permission level to access this content”, such as a user who is authenticated but is trying to access admin content.
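The distinction as a request check, in an added example that is not code from the original post: a small WSGI app answers 401 with a `WWW-Authenticate` challenge when it cannot identify the caller, and 403 when the caller is known but lacks the required role. The token table, route policy, realm name and function names are all assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

# Constructed sample data: bearer token -> (user, roles). Not from the original post.
TOKENS = {
    "tok-alice": ("alice", {"user"}),
    "tok-root": ("root", {"user", "admin"}),
}
# Hypothetical route policy: path prefix -> role required.
REQUIRED_ROLE = {"/admin": "admin", "/profile": "user"}
REASONS = {200: "OK", 401: "Unauthorized", 403: "Forbidden"}


def check_access(authorization, path):
    """Return (status_code, extra_headers) for one request."""
    scheme, _, token = (authorization or "").partition(" ")
    identity = TOKENS.get(token.strip()) if scheme.lower() == "bearer" else None
    if identity is None:
        # Missing, malformed or unknown credentials: the server does not know
        # who this is. A 401 response carries a WWW-Authenticate challenge.
        return 401, [("WWW-Authenticate", 'Bearer realm="example"')]
    _user, roles = identity
    for prefix, role in REQUIRED_ROLE.items():
        if path.startswith(prefix) and role not in roles:
            # Identity is known but lacks permission. Retrying with the same
            # credentials will not help, so no challenge is sent.
            return 403, []
    return 200, []


def app(environ, start_response):
    """Minimal WSGI app that applies check_access to every request."""
    code, extra = check_access(environ.get("HTTP_AUTHORIZATION"),
                               environ.get("PATH_INFO", "/"))
    start_response(f"{code} {REASONS[code]}", [("Content-Type", "text/plain")] + extra)
    return [REASONS[code].encode()]


def request(path, authorization=None):
    """Drive the app in-process with a constructed request."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path
    if authorization:
        environ["HTTP_AUTHORIZATION"] = authorization
    seen = {}
    app(environ, lambda status, hdrs: seen.update(status=status, headers=dict(hdrs)))
    return seen["status"], seen["headers"]
```

Calling `request("/admin")` and `request("/admin", "Bearer tok-alice")` shows the two cases side by side: the first has no identity, the second has one without the admin role.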