401
HTTP
401 Unauthorized
The request requires user authentication. The response includes a WWW-Authenticate header indicating the authentication scheme.
このコードが表示される場合
When accessing a protected resource without credentials or with expired tokens.
解決方法
Include valid authentication credentials (API key, Bearer token, Basic auth) in the Authorization header.
関連コード
クロスプロトコル同等コード
比較
比較対象
ガイド
Understanding HTTP Status Codes: A Complete Guide
HTTP Fundamentals
HTTP Redirects: 301 vs 302 vs 307 vs 308
HTTP Fundamentals
HTTP Caching: Cache-Control, ETags, and 304 Responses
HTTP Fundamentals
Complete Guide to HTTP Methods: GET, POST, PUT, PATCH, DELETE
HTTP Fundamentals
Essential HTTP Headers Every Developer Should Know
HTTP Fundamentals
HTTP/2 vs HTTP/3: What Changed and Why
HTTP Fundamentals
HTTP Content Negotiation: Complete Guide
HTTP Fundamentals
HTTP Range Requests and Partial Content
HTTP Fundamentals
HTTP Cookies: SameSite, Secure, and HttpOnly Explained
HTTP Fundamentals
HTTP Request Lifecycle: From URL to Response
HTTP Fundamentals
HTTP Conditional Requests: If-Match, If-None-Match, and Beyond
HTTP Fundamentals
HTTP Trailers: Sending Metadata After the Body
HTTP Fundamentals
HTTP Proxy Headers: X-Forwarded-For, Via, and Forwarded
HTTP Fundamentals
HTTP 103 Early Hints: Preloading Before the Response
HTTP Fundamentals
Choosing the Right HTTP Status Codes for REST APIs
API Design & Best Practices
gRPC Status Codes: A Practical Guide
API Design & Best Practices
How to Implement and Handle Rate Limiting (429)
API Design & Best Practices
API Versioning Strategies: URL, Header, and Query Param
API Design & Best Practices
Designing Consistent API Error Responses
API Design & Best Practices
API Pagination Patterns: Offset, Cursor, and Keyset
API Design & Best Practices
API Versioning Strategies: URI, Header, and Query
API Design & Best Practices
Implementing Webhooks: A Complete Guide
API Design & Best Practices
GraphQL vs REST: When to Use Which
API Design & Best Practices
OpenAPI Specification: Design-First API Development
API Design & Best Practices
API Deprecation Strategy: Sunset Headers and Migration Paths
API Design & Best Practices
Designing Bulk API Endpoints: Batch Requests and Partial Failures
API Design & Best Practices
HATEOAS and Hypermedia APIs: Beyond REST
API Design & Best Practices
Designing Idempotent APIs: From Theory to Implementation
API Design & Best Practices
Debugging 502 Bad Gateway Errors
Debugging & Troubleshooting
Debugging CORS Errors: A Developer's Guide
Debugging & Troubleshooting
Debugging Timeout Errors: 408 and 504
Debugging & Troubleshooting
Debugging 503 Service Unavailable Errors in Production
Debugging & Troubleshooting
TLS/SSL Certificate Troubleshooting Guide
Debugging & Troubleshooting
Debugging 429 Too Many Requests
Debugging & Troubleshooting
Debugging Connection Reset Errors
Debugging & Troubleshooting
Debugging 500 Internal Server Error: A Systematic Approach
Debugging & Troubleshooting
Debugging Redirect Loops (ERR_TOO_MANY_REDIRECTS)
Debugging & Troubleshooting
Debugging Mixed Content Errors in HTTPS Pages
Debugging & Troubleshooting
401 Unauthorized vs 403 Forbidden: When to Use Each
Security & Authentication
Essential HTTP Security Headers
Security & Authentication
OAuth 2.0 Flows Explained: Authorization Code, Client Credentials, PKCE
Security & Authentication
JSON Web Tokens: Structure, Signing, and Common Pitfalls
Security & Authentication
API Keys vs OAuth vs JWT: Choosing the Right Auth Method
Security & Authentication
CORS Configuration: A Complete Guide
Security & Authentication
Implementing Mutual TLS (mTLS) for API Security
Security & Authentication
API Security Checklist: OWASP Top 10 for APIs
Security & Authentication
Content Security Policy (CSP): A Complete Implementation Guide
Security & Authentication
Rate Limiting as a Security Control: Brute Force, DDoS, and Abuse Prevention
Security & Authentication
OAuth 2.0 PKCE for Public Clients: SPAs, Mobile, and CLI Apps
Security & Authentication
API Authentication Patterns: Bearer Tokens, API Keys, and Session Cookies
Security & Authentication
Subresource Integrity (SRI): Protecting CDN-Hosted Scripts
Security & Authentication
HSTS: HTTP Strict Transport Security Complete Guide
Security & Authentication
Transactional Email Best Practices: Receipts, Alerts, and Password Resets
Email Delivery
DNS Record Types Explained: A, AAAA, CNAME, MX, TXT, and Beyond
DNS & Networking
DNS over HTTPS (DoH) and DNS over TLS (DoT): Encrypted DNS Explained
DNS & Networking
TCP Three-Way Handshake and Connection Lifecycle
DNS & Networking
Essential Network Debugging Tools: ping, traceroute, mtr, and tcpdump
DNS & Networking
Server-Sent Events (SSE) Implementation Guide
Real-Time Protocols
WebSocket Authentication Patterns
Real-Time Protocols
WebSocket vs Server-Sent Events: Choosing the Right Protocol
Real-Time Protocols
WebRTC Signaling with SIP and WebSocket
Real-Time Protocols
gRPC Streaming vs REST Polling: Real-Time Data Delivery
Real-Time Protocols
MQTT Protocol: Lightweight Messaging for IoT and Real-Time Systems
Real-Time Protocols
Implementing Retry with Exponential Backoff
Error Handling Patterns
Circuit Breaker Pattern for API Resilience
Error Handling Patterns
Designing Error Responses with Problem Details (RFC 9457)
Error Handling Patterns
Graceful Degradation in Distributed Systems
Error Handling Patterns
Timeout Budget Patterns for Microservices
Error Handling Patterns
Dead Letter Queues and Async Error Handling
Error Handling Patterns
Idempotency Keys for Safe API Retries
Error Handling Patterns
Health Check Endpoint Design Guide
Error Handling Patterns
Bulkhead Pattern: Isolating Failures in Distributed Systems
Error Handling Patterns
Saga Pattern: Managing Distributed Transactions with Compensating Actions
Error Handling Patterns
Error Budgets and SLOs: When to Accept Errors
Error Handling Patterns
Fallback Strategies: Default Values, Cached Responses, and Degraded Modes
Error Handling Patterns
Status Code Handling in Django
Framework Cookbooks
Express.js Error Middleware Complete Guide
Framework Cookbooks
FastAPI Response Models and Status Codes
Framework Cookbooks
Spring Boot Error Handling with @ControllerAdvice
Framework Cookbooks
Go HTTP Error Handling Patterns
Framework Cookbooks
Ruby on Rails Error Handling Cookbook
Framework Cookbooks
ASP.NET Core Error Handling Guide
Framework Cookbooks
Next.js API Routes: Status Codes, Error Handling, and Middleware
Framework Cookbooks
Flask Error Handling: Custom Pages, API Errors, and Blueprints
Framework Cookbooks
Laravel Exception Handling: Renderable Exceptions and API Resources
Framework Cookbooks
Rust Actix-web Error Handling: ResponseError Trait and Custom Errors
Framework Cookbooks
HTTP Caching Strategy for APIs
Performance & Optimization
HTTP Compression: gzip vs Brotli vs zstd
Performance & Optimization
Connection Management and Keep-Alive
Performance & Optimization
Reducing Time to First Byte (TTFB)
Performance & Optimization
Load Balancing Strategies for APIs
Performance & Optimization
Resource Hints: Preload, Prefetch, Preconnect, and DNS-Prefetch
Performance & Optimization
CDN Caching Strategies: Edge Caching, Purging, and Cache Keys
Performance & Optimization
API Response Time Optimization: From Database to Wire
Performance & Optimization
HTTP/2 Server Push: Promise and Pitfalls
Performance & Optimization
Connection Pooling for HTTP Clients: Best Practices and Pitfalls
Performance & Optimization
Taming Tail Latency: Why P99 Matters More Than Average
Performance & Optimization
RFC 9110: HTTP Semantics Deep Dive
Protocol Deep Dives
RFC 6455: WebSocket Protocol Deep Dive
Protocol Deep Dives
RFC 7540: HTTP/2 Protocol Deep Dive
Protocol Deep Dives
RFC 9114: HTTP/3 Protocol Deep Dive
Protocol Deep Dives
RFC 959: FTP Protocol Deep Dive
Protocol Deep Dives
RFC 3261: SIP Protocol Deep Dive
Protocol Deep Dives
RFC 7231/9110: HTTP Method Semantics — Safe, Idempotent, and Cacheable
Protocol Deep Dives
QUIC Protocol: The Transport Layer Behind HTTP/3
Protocol Deep Dives
TLS 1.3: Faster, Simpler, More Secure
Protocol Deep Dives
Migrating from HTTP/1.1 to HTTP/2
Migration & Upgrades
Migrating from REST to gRPC
Migration & Upgrades
Migrating from HTTP/2 to HTTP/3: QUIC Deployment Guide
Migration & Upgrades
Migrating from FTP to SFTP: A Complete Transition Guide
Migration & Upgrades
Migrating from SOAP to REST APIs
Migration & Upgrades
API Migration: Monolith to Microservices
Migration & Upgrades
Migrating from WebSocket to Server-Sent Events
Migration & Upgrades
Migrating from TLS 1.2 to TLS 1.3: Configuration and Compatibility
Migration & Upgrades
Reverse Proxy Configuration: Nginx, Caddy, and HAProxy
Production Infrastructure
Load Balancer Health Checks: HTTP, TCP, and gRPC Probes
Production Infrastructure
Zero-Downtime Deployments: Blue-Green, Canary, and Rolling Updates
Production Infrastructure
CDN Configuration for Dynamic and Static Content
Production Infrastructure
TLS Termination: Where to Terminate HTTPS and Why
Production Infrastructure
Rate Limiting at the Edge: WAF, CDN, and API Gateway Strategies
Production Infrastructure
Connection Draining: Graceful Shutdown Without Dropping Requests
Production Infrastructure
Observability for HTTP Status Codes: Metrics, Logs, and Alerts
Production Infrastructure
Request ID and Distributed Tracing: Correlating Logs Across Services
Production Infrastructure
Custom Error Pages: 404, 500, 502, and Maintenance Pages
Production Infrastructure
HTTP Access Log Management: Rotation, Parsing, and Analysis
Production Infrastructure
Secret Management for API Keys, Tokens, and Certificates
Production Infrastructure
API Gateway Patterns: Architecture and Use Cases
API Gateway Patterns
API Gateway Rate Limiting Patterns: Token Bucket, Sliding Window, and Quotas
API Gateway Patterns
Circuit Breaker Pattern at the API Gateway
API Gateway Patterns
API Gateway Request Routing: Path, Header, and Content-Based
API Gateway Patterns
Authentication at the API Gateway: JWT Validation, OAuth, and API Keys
API Gateway Patterns
Request and Response Transformation at the API Gateway
API Gateway Patterns
API Gateway Retry and Timeout Policies
API Gateway Patterns
CORS Handling at the API Gateway
API Gateway Patterns
API Gateway Logging and Analytics
API Gateway Patterns
API Versioning Through the Gateway: URI, Header, and Media Type
API Gateway Patterns
API Testing Strategies: Unit, Integration, Contract, and E2E
Testing & Mocking
Mock Servers for API Development: WireMock, Prism, and Custom Mocks
Testing & Mocking
Contract Testing with Pact: Consumer-Driven API Contracts
Testing & Mocking
Load Testing APIs: k6, Locust, and Artillery
Testing & Mocking
Chaos Engineering for APIs: Injecting Faults and Status Codes
Testing & Mocking
API Schema Validation Testing: OpenAPI, JSON Schema, and Schemathesis
Testing & Mocking
HTTP Recording and Replay: VCR, Polly, and Nock
Testing & Mocking
Testing Error Scenarios: Simulating 4xx and 5xx Responses
Testing & Mocking
API Security Testing: OWASP ZAP, Burp Suite, and Automated Scanning
Testing & Mocking
API Performance Benchmarking: Establishing and Tracking Baselines
Testing & Mocking
デバッグシナリオ
仕様
意思決定ガイド
用語集
Idempotency
Safe Methods
Content Negotiation
Status Code
Reason Phrase
Media Type (MIME Type)
Response Header
Request Method (HTTP Verb)
Redirect
Cookie
Session
HTTP/2
HTTP/3
REST (Representational State Transfer)
GraphQL
Keep-Alive
Chunked Transfer Encoding
Conditional Request
Range Request
Trailer Headers
Rate Limiting
Pagination
API Versioning
Content-Type
Accept Header
HATEOAS
Idempotency Key
Webhook
API Gateway
OpenAPI Specification
GraphQL Query
REST Constraints
API Throttling
Request Body
Response Body
SDK (Software Development Kit)
API Deprecation
Bulk Operations
Hypermedia
JSON:API
TLS Handshake
TLS Certificate (SSL Certificate)
CORS (Cross-Origin Resource Sharing)
Cipher Suite
Authentication
XSS (Cross-Site Scripting)
CSRF (Cross-Site Request Forgery)
SQL Injection
HSTS (HTTP Strict Transport Security)
CSP (Content Security Policy)
OAuth 2.0
JWT (JSON Web Token)
API Key
Bearer Token
Mutual TLS (mTLS)
Rate Limit Bypass
Same-Origin Policy
Clickjacking
SSRF (Server-Side Request Forgery)
Security Headers
TCP/IP
Three-Way Handshake
Port Number
Latency
Timeout
Load Balancer
Reverse Proxy
NAT (Network Address Translation)
Firewall
Proxy Server (Forward Proxy)
DNS over HTTPS (DoH)
IPv6
Connection Pooling
TCP Reset (RST)
Socket
UDP (User Datagram Protocol)
Bandwidth
DNS Lookup
Cache-Control
ETag (Entity Tag)
CDN (Content Delivery Network)
Stale-While-Revalidate
Cache Invalidation
Edge Caching
Last-Modified
Vary Header
Cache Busting
HTTP Compression
Prefetching
Time to First Byte (TTFB)
Connection Reuse
Brotli Compression
HTTP Caching Layers
Cache Hit Ratio
Push Cache (HTTP/2)
Immutable Response
Service Worker Cache
103 Early Hints
Retry Strategy
Circuit Breaker
Graceful Degradation
Fallback
Error Boundary
Dead Letter Queue
Health Check
Timeout Budget
Problem Details (RFC 9457)
Exponential Backoff
Jitter
Thundering Herd
Bulkhead Pattern
Error Code Mapping
Idempotent Retry
Error Rate
Fail Open / Fail Closed
Retry-After Header
Request-Response Model
RFC (Request for Comments)
IANA (Internet Assigned Numbers Authority)
Protocol Upgrade
Multiplexing
Backward Compatibility
Serialization
Protocol Negotiation
Message Framing
Extension Mechanism
Connection-Oriented
Connectionless
Half-Duplex
ALPN (Application-Layer Protocol Negotiation)
Text vs Binary Protocol
Head-of-Line Blocking
QUIC
WebRTC (Web Real-Time Communication)
Signaling
Server-Sent Events (SSE)
Long Polling
Event Stream
gRPC-Web
Service Mesh
Sidecar Proxy
Ingress Controller
Service Discovery
Load Balancing Algorithm
Blue-Green Deployment
Canary Deployment
Health Check Endpoint
TLS Termination
Connection Draining
Distributed Tracing
Observability
Correlation ID
Rate Limiter Algorithm
Container Orchestration
Rolling Update
Readiness Probe
SLA / SLO / SLI
Configuration Management
Zero-Downtime Deployment
HTTP Semantics (RFC 9110)
URI (Uniform Resource Identifier)
MIME Type
CORS Preflight
Content-Disposition
Transfer-Encoding
Link Header
Origin
Referrer-Policy
Permissions Policy
HSTS Preload
Structured Headers (RFC 8941)
Early Hints (103)
Certificate Transparency
Subresource Integrity (SRI)
Web Linking (RFC 8288)
Proxy Authentication
Conditional Headers
X-Forwarded-For
Content-Encoding
gRPC-Gateway
RPC (Remote Procedure Call)
WebDAV (Web Distributed Authoring and Versioning)
Transfer Integrity
File Locking
Bandwidth Throttling
OAuth Authorization Code Flow
OAuth Client Credentials Flow
OAuth Implicit Flow (Legacy)
PKCE (Proof Key for Code Exchange)
OIDC (OpenID Connect)
Refresh Token
Access Token
Token Introspection (RFC 7662)
Token Revocation (RFC 7009)
OAuth Scopes
JWT Claims
JWK (JSON Web Key)
SAML (Security Assertion Markup Language)
SSO (Single Sign-On)
MFA (Multi-Factor Authentication)
TOTP (Time-Based One-Time Password)
HTTP Basic Authentication
HTTP Digest Authentication
Session Token
Passkey (WebAuthn)
TLS Versions
TLS 1.3
Certificate Authority (CA)
Certificate Chain
Certificate Pinning
Certificate Transparency (CT)
Forward Secrecy (PFS)
SNI (Server Name Indication)
OCSP (Online Certificate Status Protocol)
OCSP Stapling
Let's Encrypt
ACME Protocol (RFC 8555)
TLS Session Resumption
0-RTT (Zero Round Trip Time)
Key Exchange
PKI (Public Key Infrastructure)
SSL Stripping
CT Log (Certificate Transparency Log)
TLS Fingerprinting (JA3/JA4)
Post-Quantum TLS
Layer 4 Load Balancing
Layer 7 Load Balancing
Sticky Sessions (Session Affinity)
Consistent Hashing
Weighted Round Robin
Least Connections
Forward Proxy
Transparent Proxy
PROXY Protocol
HAProxy
Nginx (as Reverse Proxy)
Envoy Proxy
SSL Offloading
GSLB (Global Server Load Balancing)
Backend Pool
Failover
Request Routing
Active-Passive HA
Connection Multiplexing (Proxy)
xDS (Discovery Service Protocol)