The request requires authentication. The client must provide valid credentials.
const res = await fetch('/api/data', {
headers: {
'Authorization': `Bearer ${token}`,
},
});Include auth credentials in every request to protected endpoints.
ObserveOne monitors authentication failures and alerts on unusual 401 spikes.
Start Monitoring FreeThe server understood the request but refuses to authorize it. Authentication won't help — the user lacks permissions.
The server cannot process the request due to malformed syntax, invalid parameters, or bad encoding.
The server cannot find the requested resource. The URL may be wrong, the resource may have been deleted, or the route doesn't exist.
The HTTP method (GET, POST, PUT, DELETE) is not supported for this endpoint.
The resource existed but has been permanently removed. Unlike 404, this explicitly tells clients the resource won't come back.