DEV Community

anjireddy k
Posted on • Originally published at Medium on

Difference between 401 (Unauthorized) and 403 (Forbidden) status codes

When building a REST API, there is often confusion about when to respond with Unauthorized (401) and when to respond with Forbidden (403). If the integration team isn't aware of what these status codes mean, it causes ambiguity when dealing with the REST APIs.

Unauthorized (401) status code

This status code is recommended when the token is invalid or the API is unable to identify/authenticate the user request. When a REST API responds with a 401 status code, we need to verify whether the token is valid or expired.

Forbidden (403) status code

This status code is recommended when the token is valid but the user request doesn't have the privilege to access the requested resource/endpoint.
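The decision order described above, as an added example that is not part of the original post: authentication is checked first (401), and only then privilege (403). It assumes bearer tokens; the token store, role names and endpoints are constructed for illustration.

```python
import time

# Constructed sample data: token -> (user, expiry as epoch seconds, roles).
NOW = 1_700_000_000
TOKENS = {
    "tok-alice": ("alice", NOW + 3600, {"reader", "admin"}),
    "tok-bob": ("bob", NOW + 3600, {"reader"}),
    "tok-old": ("carol", NOW - 60, {"admin"}),  # expired token
}
# Hypothetical endpoints and the role each one requires.
REQUIRED_ROLE = {
    ("GET", "/reports"): "reader",
    ("DELETE", "/reports"): "admin",
}


def unauthenticated(error=None):
    # A 401 response carries a WWW-Authenticate header naming the scheme.
    challenge = "Bearer" if error is None else f'Bearer error="{error}"'
    return 401, {"WWW-Authenticate": challenge}


def authorize(method, path, headers, now=None):
    """Return (status, response_headers) for one request."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    token = token.strip()
    # Step 1: authentication. Missing or malformed credentials -> 401.
    if scheme.lower() != "bearer" or not token:
        return unauthenticated()
    record = TOKENS.get(token)
    # Unknown or expired token: the caller is still not identified -> 401.
    if record is None or record[1] <= now:
        return unauthenticated("invalid_token")
    user, _, roles = record
    # Step 2: authorization. The token is valid but lacks the privilege -> 403.
    # Routes missing from REQUIRED_ROLE are denied by default.
    if REQUIRED_ROLE.get((method, path)) not in roles:
        return 403, {}
    return 200, {"X-User": user}


if __name__ == "__main__":
    bob = {"Authorization": "Bearer tok-bob"}
    print(authorize("GET", "/reports", {}, NOW))
    print(authorize("GET", "/reports", bob, NOW))
    print(authorize("DELETE", "/reports", bob, NOW))
```

A client that receives the 401 should obtain or refresh a token and retry; retrying the 403 with the same token will not change the result.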

Originally published at http://www.techmonks.org on July 15, 2020.
