There are two side of the security coin: authentication and authorization. Authentication answers the question of who (a principal) is making the request to a given endpoint. Authorization is what determines if the principal is actually is allowed to do what they are trying to do. If authentication fails, a 401 Unauthorized response should be… Continue reading When to Return a 401 vs 403 HTTP Response
Christopher Davis 