Error Reference
unauthorized
| Field | Value |
|---|---|
| Type URI | https://docs.kordiam.app/docs/errors/unauthorized |
| HTTP Status | 401 Unauthorized |
Description
The request lacks valid authentication credentials, or the provided credentials are invalid. This error is returned by protected endpoints when the bearer token is missing, invalid, or expired, and by the bootstrap endpoints (/api/v2/auth/token, /api/v2/auth/refresh) when the supplied client credentials or refresh token are rejected.
Response Example
The detail value depends on the failure mode:
| Scenario | detail |
|---|---|
| Missing/expired/malformed bearer token on a protected endpoint | Invalid or expired authentication token |
| Wrong client_id / client_secret on /api/v2/auth/token | Invalid client credentials |
| Refresh token unknown or expired on /api/v2/auth/refresh | Invalid or expired refresh token |
Common Causes
- Missing the Authorization header entirely on a protected endpoint
- Using an expired or malformed access token
- Submitting wrong client_id / client_secret to /api/v2/auth/token
- Using a refresh token that is unknown, expired, or already rotated
How to Fix
Obtain a valid access token through the authentication flow and include it in the Authorization header as a bearer token.
If your token has expired, request a new one via /api/v2/auth/refresh or by re-authenticating with /api/v2/auth/token. If credentials themselves are rejected, double-check the client_id / client_secret issued for your integration.
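The recovery order described above, written as a client-side decision routine. This is an added example, not code from the Kordiam documentation. It assumes the error body is JSON with `type` and `detail` members; `send`, `fake_send`, the session flags and the path `/api/v2/example` are hypothetical stand-ins.

```python
UNAUTHORIZED = "https://docs.kordiam.app/docs/errors/unauthorized"
TOKEN, REFRESH = "/api/v2/auth/token", "/api/v2/auth/refresh"

def recovery_step(path, status, problem):
    """Map a response from `path` to the client's next action."""
    # Assumption: the JSON error body carries "type" and "detail" members.
    if status != 401 or problem.get("type") != UNAUTHORIZED:
        return "none"
    if path == TOKEN:
        return "check_credentials"  # same secret will fail again: do not retry
    if path == REFRESH:
        return "reauthenticate"     # refresh token unknown, expired or rotated
    return "refresh"                # bearer token missing, expired or malformed

def call_protected(path, session, send):
    """Call `path`, attempting each recovery stage at most once.

    `send(path, session)` is a hypothetical transport returning (status, body).
    """
    trail = []
    status, body = send(path, session)
    if recovery_step(path, status, body) != "refresh":
        return status, trail
    trail.append("refresh")
    if recovery_step(REFRESH, *send(REFRESH, session)) == "reauthenticate":
        trail.append("reauthenticate")
        t_status, t_body = send(TOKEN, session)
        if recovery_step(TOKEN, t_status, t_body) == "check_credentials":
            trail.append("check_credentials")
            return t_status, trail  # stop here instead of looping on 401s
    return send(path, session)[0], trail  # one retry with the new token

def fake_send(path, session):
    """Constructed stand-in for the API; `session` flags decide each outcome."""
    flag, detail = {
        TOKEN: ("secret_ok", "Invalid client credentials"),
        REFRESH: ("refresh_ok", "Invalid or expired refresh token"),
    }.get(path, ("access_ok", "Invalid or expired authentication token"))
    if not session.get(flag):
        return 401, {"type": UNAUTHORIZED, "detail": detail}
    if path in (TOKEN, REFRESH):
        session["access_ok"] = True  # a successful auth call yields a usable token
    return 200, {}

if __name__ == "__main__":
    print(call_protected("/api/v2/example", {"refresh_ok": True}, fake_send))
```

Bounding each stage to one attempt keeps a client with a revoked secret from hammering /api/v2/auth/token, and the returned trail gives operators a record of which stage failed.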