# UNAUTHORIZED — authentication required or token invalid

Returned when the `Authorization` header is missing, the bearer token is expired, the token signature is invalid, or the token was issued by an untrusted …

<em>cyoda-go version <a href="https://github.com/Cyoda-platform/cyoda-go/releases/tag/v0.6.2">0.6.2</a></em>

# errors.UNAUTHORIZED

## NAME

UNAUTHORIZED — the request does not include valid authentication credentials or the provided token failed verification.

## SYNOPSIS

HTTP: `401` `Unauthorized`. Retryable: `no`.

## DESCRIPTION

Returned when the `Authorization` header is missing, the bearer token is expired, the token signature is invalid, or the token was issued by an untrusted issuer. Also returned when a request reaches a protected route with no identity context established by the auth middleware.

Not retryable with the same token. A fresh `Authorization: Bearer <token>` header is required.
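The rule above seen from the client side, as an added example that is not cyoda-go code: the caller keys on `properties.errorCode`, obtains one fresh token after `UNAUTHORIZED`, and does not refresh on any other code such as `FORBIDDEN`. `Get`, `stub`, the token values, the `api.example.test` host and the response body shape (only `properties.errorCode`) are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Get (hypothetical helper) draws a new token per attempt and re-sends once, only on UNAUTHORIZED.
func Get(c *http.Client, url string, newToken func() string) (int, string, error) {
	for attempt := 0; attempt < 2; attempt++ {
		req, err := http.NewRequest(http.MethodGet, url, nil)
		if err != nil {
			return 0, "", err
		}
		req.Header.Set("Authorization", "Bearer "+newToken())
		resp, err := c.Do(req)
		if err != nil {
			return 0, "", err
		}
		var b struct{ Properties struct{ ErrorCode string } } // assumed shape; JSON keys match case-insensitively
		json.NewDecoder(resp.Body).Decode(&b)                 // an unparsable body leaves the code empty
		resp.Body.Close()
		if resp.StatusCode < 400 || b.Properties.ErrorCode != "UNAUTHORIZED" {
			return resp.StatusCode, b.Properties.ErrorCode, nil // e.g. FORBIDDEN: a new token will not help
		}
	}
	return http.StatusUnauthorized, "UNAUTHORIZED", nil // rejected twice: stop instead of looping
}

// stub is a constructed stand-in API (no sockets): only "tok-2" is valid, and it lacks the /admin role.
type stub struct{}

func (stub) RoundTrip(r *http.Request) (*http.Response, error) {
	rec := httptest.NewRecorder()
	if r.Header.Get("Authorization") != "Bearer tok-2" {
		http.Error(rec, `{"properties":{"errorCode":"UNAUTHORIZED"}}`, http.StatusUnauthorized)
	} else if r.URL.Path == "/admin" {
		http.Error(rec, `{"properties":{"errorCode":"FORBIDDEN"}}`, http.StatusForbidden)
	}
	return rec.Result(), nil
}

var client = &http.Client{Transport: stub{}}

func main() {
	n := 0
	fmt.Println(Get(client, "https://api.example.test/data", func() string { n++; return fmt.Sprintf("tok-%d", n) }))
}
```

Capping the loop at two attempts keeps a broken token source from turning into a stream of rejected requests against the auth middleware.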

## SEE ALSO

- errors
- errors.FORBIDDEN

## See also

- [`cyoda help errors`](/help/errors/) — Every error response from the Cyoda REST API carries a structured `errorCode` in the `properties` object. Multiple codes may share the same HTTP status. Programmatic handling keys on `errorCode`, not HTTP status.
- [`cyoda help errors FORBIDDEN`](/help/errors/forbidden/) — The request was authenticated successfully but the caller's JWT claims do not include the role required by the endpoint (for example, `admin` is required for administrative operations). Tenant mismatch — where the caller's tenant does not match the resource — also produces this error.

## Raw formats

- [`/help/errors/unauthorized.json`](/help/errors/unauthorized.json) — full descriptor (matches `GET /help/{topic}` envelope)
- [`/help/errors/unauthorized.md`](/help/errors/unauthorized.md) — body only