401 Unauthorized

   The 401 (Unauthorized) status code indicates that the request has not
   been applied because it lacks valid authentication credentials for
   the target resource.  The server generating a 401 response MUST send
   a WWW-Authenticate header field (Section 4.1) containing at least one
   challenge applicable to the target resource.

   If the request included authentication credentials, then the 401
   response indicates that authorization has been refused for those
   credentials.  The user agent MAY repeat the request with a new or
   replaced Authorization header field (Section 4.2).  If the 401
   response contains the same challenge as the prior response, and the
   user agent has already attempted authentication at least once, then
   the user agent SHOULD present the enclosed representation to the
   user, since it usually contains relevant diagnostic information.