Telegram error 401 bot token is required

Error handling

There will be errors when working with the API, and they must be correctly handled on the client.
An error is characterized by several parameters:

Numerical value similar to HTTP status. Contains information on the type of error that occurred: for example, a data input error, privacy error, or server error. This is a required parameter.

A string literal in the form of /[A-Z_0-9]+/ , which summarizes the problem. For example, AUTH_KEY_UNREGISTERED . This is an optional parameter.

A full machine-readable JSON list of RPC errors that can be returned by all methods in the API can be found here », what follows is a description of its fields:

• errors — All error messages and codes for each method (object).
  • Keys: Error codes as strings (numeric strings)
  • Values: All error messages for each method (object)
    • Keys: Error messages (string)
    • Values: An array of methods which may emit this error (array of strings)
• descriptions — Descriptions for every error mentioned in errors (and a few other errors not related to a specific method)
  • Keys: Error messages
  • Values: Error descriptions
• user_only — A list of methods that can only be used by users, not bots.

Error messages and error descriptions may contain printf placeholders in key positions, for now only %d is used to map durations contained in error messages to error descriptions.

There should be a way to handle errors that are returned in rpc_error constructors.

Below is a list of error codes and their meanings:

The request must be repeated, but directed to a different data center.

• FILE_MIGRATE_X: the file to be accessed is currently stored in a different data center.
• PHONE_MIGRATE_X: the phone number a user is trying to use for authorization is associated with a different data center.
• NETWORK_MIGRATE_X: the source IP address is associated with a different data center (for registration)
• USER_MIGRATE_X: the user whose identity is being used to execute queries is associated with a different data center (for registration)

In all these cases, the error description’s string literal contains the number of the data center (instead of the X) to which the repeated query must be sent. More information about redirects between data centers »

The query contains errors. In the event that a request was created using a form and contains user generated data, the user should be notified that the data must be corrected before the query is repeated.

• FIRSTNAME_INVALID: The first name is invalid
• LASTNAME_INVALID: The last name is invalid
• PHONE_NUMBER_INVALID: The phone number is invalid
• PHONE_CODE_HASH_EMPTY: phone_code_hash is missing
• PHONE_CODE_EMPTY: phone_code is missing
• PHONE_CODE_EXPIRED: The confirmation code has expired
• API_ID_INVALID: The api_id/api_hash combination is invalid
• PHONE_NUMBER_OCCUPIED: The phone number is already in use
• PHONE_NUMBER_UNOCCUPIED: The phone number is not yet being used
• USERS_TOO_FEW: Not enough users (to create a chat, for example)
• USERS_TOO_MUCH: The maximum number of users has been exceeded (to create a chat, for example)
• TYPE_CONSTRUCTOR_INVALID: The type constructor is invalid
• FILE_PART_INVALID: The file part number is invalid
• FILE_PARTS_INVALID: The number of file parts is invalid
• FILE_PART_X_MISSING: Part X (where X is a number) of the file is missing from storage
• MD5_CHECKSUM_INVALID: The MD5 checksums do not match
• PHOTO_INVALID_DIMENSIONS: The photo dimensions are invalid
• FIELD_NAME_INVALID: The field with the name FIELD_NAME is invalid
• FIELD_NAME_EMPTY: The field with the name FIELD_NAME is missing
• MSG_WAIT_FAILED: A request that must be completed before processing the current request returned an error
• MSG_WAIT_TIMEOUT: A request that must be completed before processing the current request didn’t finish processing yet

There was an unauthorized attempt to use functionality available only to authorized users.

• AUTH_KEY_UNREGISTERED: The key is not registered in the system
• AUTH_KEY_INVALID: The key is invalid
• USER_DEACTIVATED: The user has been deleted/deactivated
• SESSION_REVOKED: The authorization has been invalidated, because of the user terminating all sessions
• SESSION_EXPIRED: The authorization has expired
• AUTH_KEY_PERM_EMPTY: The method is unavailable for temporary authorization key, not bound to permanent

Privacy violation. For example, an attempt to write a message to someone who has blacklisted the current user.

An attempt to invoke a non-existent object, such as a method.

Similar to 400 BAD_REQUEST, but the app must display the error to the user a bit differently.
Do not display any visible error to the user when receiving the rpc_error constructor: instead, wait for an updateServiceNotification update, and handle it as usual.
Basically, an updateServiceNotification popup update will be emitted independently (ie NOT as an Updates constructor inside rpc_result but as a normal update) immediately after emission of a 406 rpc_error : the update will contain the actual localized error message to show to the user with a UI popup.

An exception to this is the AUTH_KEY_DUPLICATED error, which is only emitted if any of the non-media DC detects that an authorized session is sending requests in parallel from two separate TCP connections, from the same or different IP addresses.
Note that parallel connections are still allowed and actually recommended for media DCs.
Also note that by session we mean a logged-in session identified by an authorization constructor, fetchable using account.getAuthorizations, not an MTProto session.

If the client receives an AUTH_KEY_DUPLICATED error, the session is already invalidated by the server and the user must generate a new auth key and login again.

The maximum allowed number of attempts to invoke the given method with the given input parameters has been exceeded. For example, in an attempt to request a large number of text messages (SMS) for the same phone number.

• FLOOD_WAIT_X: A wait of X seconds is required (where X is a number)

An internal server error occurred while a request was being processed; for example, there was a disruption while accessing a database or file storage.

If a client receives a 500 error, or you believe this error should not have occurred, please collect as much information as possible about the query and error and send it to the developers.

If a server returns an error with a code other than the ones listed above, it may be considered the same as a 500 error and treated as an internal server error.

Источник

401 Response ERROR!! #168

i Runned echo_bot.py But i Getting This Error:

Please Help Me!!

The text was updated successfully, but these errors were encountered:

Yes,
Now i getting this:

Bots: An introduction for developers

Bots are third-party applications that run inside Telegram. Users can interact with bots by sending them messages, commands and inline requests. You control your bots using HTTPS requests to our bot API.

To name just a few things, you could use bots to:

Get customized notifications and news. A bot can act as a smart newspaper, sending you relevant content as soon as it’s published.
Forbes Bot, TechCrunch Bot

Integrate with other services. A bot can enrich Telegram chats with content from external services.
Image Bot, GIF bot, IMDB bot, Wiki bot, Music bot (NEW), Youtube bot (NEW)

Create custom tools. A bot may provide you with alerts, weather forecasts, translations, formatting or other services.
Poll bot, GitHub bot, Markdown bot, Sticker bot (NEW)

Build single- and multiplayer games. A bot can play chess and checkers against you, act as host in quiz games, or even take up the dungeon master’s dice for an RPG.
Trivia bot

Build social services. A bot could connect people looking for conversation partners based on common interests or proximity.
HotOrBot

Do virtually anything else. Except for dishes — bots are terrible at doing the dishes.

At the core, Telegram Bots are special accounts that do not require an additional phone number to set up. Users can interact with bots in two ways:

• Send messages and commands to bots by opening a chat with them or by adding them to groups. This is useful for chat bots or news bots like the official TechCrunch and Forbes bots.
• Send requests directly from the input field by typing the bot’s @username and a query. This allows sending content from inline bots directly into any chat, group or channel.

Messages, commands and requests sent by users are passed to the software running on your servers. Our intermediary server handles all encryption and communication with the Telegram API for you. You communicate with this server via a simple HTTPS-interface that offers a simplified version of the Telegram API. We call that interface our Bot API.

A detailed description of the Bot API is available on this page »

There’s a… bot for that. Just talk to BotFather (described below) and follow a few simple steps. Once you’ve created a bot and received your authorization token, head down to the Bot API manual to see what you can teach your bot to do.

You may also like to check out some code examples here »

• Bots have no online status and no last seen timestamps, the interface shows the label ‘bot’ instead.
• Bots have limited cloud storage — older messages may be removed by the server shortly after they have been processed.
• Bots can’t initiate conversations with users. A user must either add them to a group or send them a message first. People can use telegram.me/ links or username search to find your bot.
• Bot usernames always end in ‘bot’ (e.g. @TriviaBot, @GitHub_bot).
• When added to a group, bots do not receive all messages by default (see Privacy mode).
• Bots never eat, sleep or complain (unless expressly programmed otherwise).

Telegram bots are unique in many ways — we offer two kinds of keyboards, additional interfaces for default commands and deep linking as well as markdown support and much, much more.

Users can interact with your bot via inline queries straight from the text input field in any chat. All they need to do is start a message with your bot’s username and then type a query.

Having received the query, your bot can return some results. As soon as the user taps one of them, it will be sent to the user’s currently opened chat. This way, people can request content from your bot in any of their chats, groups or channels.

Check out this blog to see a sample inline bot in action. You can also try the @sticker and @music bots to see for yourself.

We’ve also implemented an easy way for your bot to switch between inline and PM modes.

Traditional chat bots can of course be taught to understand human language. But sometimes you want some more formal input from the user — and this is where custom keyboards can become extremely useful.

Whenever your bot sends a message, it can pass along a special keyboard with predefined reply options (see ReplyKeyboardMarkup). Telegram apps that receive the message will display your keyboard to the user. Tapping any of the buttons will immediately send the respective command. This way you can drastically simplify user interaction with your bot.

We currently support text and emoji for your buttons. Here are some custom keyboard examples:

For more technical information on custom keyboards, please consult the Bot API manual (see sendMessage).

There are times when you’d prefer to do things without sending any messages to the chat. For example, when your user is changing settings or flipping through search results. In such cases you can use Inline Keyboards that are integrated directly into the messages they belong to.

Unlike with custom reply keyboards, pressing buttons on inline keyboards doesn’t result in messages sent to the chat. Instead, inline keyboards support buttons that work behind the scenes: callback buttons, URL buttons and switch to inline buttons.

When callback buttons are used, your bot can update its existing messages (or just their keyboards) so that the chat remains tidy. Check out this sample bot to see inline keyboards in action: @music.

Commands present a more flexible way to communicate with your bot. The following syntax may be used:

A command must always start with the ‘/’ symbol and may not be longer than 32 characters. Commands can use latin letters, numbers and underscores. Here are a few examples:

Messages that start with a slash will be always passed to the bot (along with replies to its messages and messages that @mention the bot by username). Telegram apps will:

• Suggest a list of supported commands with descriptions when the user enters a ‘/’ (for this to work, you need to have provided a list of commands to the BotFather). Tapping on a command in the list immediately sends the command.
• Show an additional (/) button in the input field in all chats with bots. Tapping it types a ‘/’ and shows the list of commands.
• Highlight /commands in messages. When the user taps a highlighted command, the command is sent at once.

If multiple bots are in a group, it is possible to add bot usernames to commands in order to avoid confusion:

This is done automatically when commands are selected via the list of suggestions. Please remember that your bot needs to be able to process commands that are followed by its username.

In order to make it easier for users to navigate the bot multiverse, we ask all developers to support a few basic commands. Telegram apps will have interface shortcuts for these commands.

• /start — begins interaction with the user, e.g., by sending a greeting message. This command can also be used to pass additional parameters to the bot (see Deep linking)
• /help — returns a help message. It can be a short text about what your bot can do and a list of commands.
• /settings — (if applicable) returns the bot’s settings for this user and suggests commands to edit these settings.

Users will see a Start button when they first open a conversation with your bot. Help and Settings links will be available in the menu on the bot’s profile page.

You can use bold, italic or fixed-width text, as well as inline links in your bots’ messages. Telegram clients will render them accordingly.

Bots are frequently added to groups in order to augment communication between human users, e.g. by providing news, notifications from external services or additional search functionality. This is especially true for work-related groups. Now, when you share a group with a bot, you tend to ask yourself “How can I be sure that the little rascal isn’t selling my chat history to my competitors?” The answer is — privacy mode.

A bot running in privacy mode will not receive all messages that people send to the group. Instead, it will only receive:

• Messages that start with a slash ‘/’ (see Commands above)
• Replies to the bot’s own messages
• Service messages (people added or removed from the group, etc.)

On one hand, this helps some of us sleep better at night (in our tinfoil nightcaps), on the other — it allows the bot developer to save a lot of resources, since they won’t need to process tens of thousands irrelevant messages each day.

Privacy mode is enabled by default for all bots, except bots that were added to the group as admins. It can be disabled, so that the bot will begin receiving all messages like an ordinary user. We only recommend doing this in cases where it is absolutely necessary for your bot to work — users can always see a bot’s current privacy setting in the group members list. In most cases, using the force reply option for the bot’s messages should be more than enough.

Telegram bots have a deep linking mechanism, that allows for passing additional parameters to the bot on startup. It could be a command that launches the bot — or an auth token to connect the user’s Telegram account to their account on some external service.

Each bot has a link that opens a conversation with it in Telegram — https://telegram.me/ . You can add the parameters start or startgroup to this link, with values up to 64 characters long. For example:

A-Z , a-z , 0-9 , _ and — are allowed. We recommend using base64url to encode parameters with binary and other types of content.

Following a link with the start parameter will open a one-on-one conversation with the bot, showing a START button in the place of the input field. If the startgroup parameter is used, the user will be prompted to select a group to add the bot to. As soon as a user confirms the action (presses the START button in their app or selects a group to add the bot to), your bot will receive a message from that user in this format:

PAYLOAD stands for the value of the start or startgroup parameter that was passed in the link.

Suppose the website example.com would like to send notifications to its users via a Telegram bot. Here’s what they could do to enable notifications for a user with the ID 123 .

1. Create a bot with a suitable username, e.g. @ExampleComBot
2. Set up a webhook for incoming messages
3. Generate a random string of a sufficient length, e.g. $memcache_key = «vCH1vGWJxfSeofSAs0K5PA»
4. Put the value 123 with the key $memcache_key into Memcache for 3600 seconds (one hour)
5. Show our user the button https://telegram.me/ExampleComBot?start=vCH1vGWJxfSeofSAs0K5PA
6. Configure the webhook processor to query Memcached with the parameter that is passed in incoming messages beginning with /start . If the key exists, record the chat_id passed to the webhook as telegram_chat_id for the user 123 . Remove the key from Memcache.
7. Now when we want to send a notification to the user 123 , check if they have the field telegram_chat_id. If yes, use the sendMessage method in the Bot API to send them a message in Telegram.

Some bots need extra data from the user to work properly. For example, knowing the user‘s location helps provide more relevant geo-specific results. The user’s phone number can be very useful for integrations with other services, like banks, etc.

Bots can ask a user for their location and phone number using special buttons. Note that both phone number and location request buttons will only work in private chats.

When these buttons are pressed, Telegram clients will display a confirmation alert that tells the user what’s about to happen.

BotFather is the one bot to rule them all. It will help you create new bots and change settings for existing ones.

Use the /newbot command to create a new bot. The BotFather will ask you for a name and username, then generate an authorization token for your new bot.

The name of your bot will be displayed in contact details and elsewhere.

The Username is a short name, to be used in mentions and telegram.me links. Usernames are 5-32 characters long and are case insensitive, but may only include Latin characters, numbers, and underscores. Your bot’s username must end in ‘bot’, e.g. ‘tetris_bot’ or ‘TetrisBot’.

The token is a string along the lines of 110201543:AAHdqTcvCH1vGWJxfSeofSAs0K5PALDsaw that will be required to authorize the bot and send requests to the Bot API.

If your existing token is compromised or you lost it for some reason, use the /token command to generate a new one.

The remaining commands are pretty self-explanatory:

• /setname – change your bot’s name.
• /setdescription — changes the bot’s description, a short text of up to 512 characters, describing your bot. Users will see this text at the beginning of the conversation with the bot, titled ‘What can this bot do?’.
• /setabouttext — changes the bot’s about info, an even shorter text of up to 120 characters. Users will see this text on the bot’s profile page. When they share your bot with someone, this text will be sent together with the link.
• /setuserpic — changes the bot‘s profile pictures. It’s always nice to put a face to a name.
• /setcommands — changes the list of commands supported by your bot. Each command has a name (must start with a slash ‘/’, alphanumeric plus underscores, no more than 32 characters, case-insensitive), parameters, and a text description. Users will see the list of commands whenever they type ‘/’ in a conversation with your bot.
• /setjoingroups — determines whether your bot can be added to groups or not. Any bot must be able to process private messages, but if your bot was not designed to work in groups, you can disable this.
• /setprivacy — determines which messages your bot will receive when added to a group. With privacy mode disabled, the bot will receive all messages. We recommend leaving privacy mode enabled.
• /deletebot — deletes your bot and frees its username.

Please note, that it may take a few minutes for changes to take effect.

That’s it for the introduction, you are now definitely ready to proceed to the BOT API MANUAL.

If you’ve got any questions, please check out our Bot FAQ »

Источник

There will be errors when working with the API, and they must be correctly handled on the client.
An error is characterized by several parameters:

Error Code

Numerical value similar to HTTP status. Contains information on the type of error that occurred: for example, a data input error, privacy error, or server error. This is a required parameter.

Error Type

A string literal in the form of /[A-Z_0-9]+/, which summarizes the problem. For example, AUTH_KEY_UNREGISTERED. This is an optional parameter.

Error Database

A full machine-readable JSON list of RPC errors that can be returned by all methods in the API can be found here », what follows is a description of its fields:

• errors — All error messages and codes for each method (object).
  • Keys: Error codes as strings (numeric strings)
  • Values: All error messages for each method (object)
    • Keys: Error messages (string)
    • Values: An array of methods which may emit this error (array of strings)
• descriptions — Descriptions for every error mentioned in errors (and a few other errors not related to a specific method)
  • Keys: Error messages
  • Values: Error descriptions
• user_only — A list of methods that can only be used by users, not bots.

Error messages and error descriptions may contain printf placeholders in key positions, for now only %d is used to map durations contained in error messages to error descriptions.

Example:

{
    "errors": {
        "420": {
            "2FA_CONFIRM_WAIT_%d": [
                "account.deleteAccount"
            ],
            "SLOWMODE_WAIT_%d": [
                "messages.forwardMessages",
                "messages.sendInlineBotResult",
                "messages.sendMedia",
                "messages.sendMessage",
                "messages.sendMultiMedia"
            ]
        }
    },
    "descriptions": {
        "2FA_CONFIRM_WAIT_%d": "Since this account is active and protected by a 2FA password, we will delete it in 1 week for security purposes. You can cancel this process at any time, you'll be able to reset your account in %d seconds.",
        "SLOWMODE_WAIT_%d": "Slowmode is enabled in this chat: wait %d seconds before sending another message to this chat.",
        "FLOOD_WAIT_%d": "Please wait %d seconds before repeating the action."
    },
    "user_only": {
        "account.deleteAccount"
    }
}

Error Constructors

There should be a way to handle errors that are returned in rpc_error constructors.

Below is a list of error codes and their meanings:

303 SEE_OTHER

The request must be repeated, but directed to a different data center.

Examples of Errors:

• FILE_MIGRATE_X: the file to be accessed is currently stored in a different data center.
• PHONE_MIGRATE_X: the phone number a user is trying to use for authorization is associated with a different data center.
• NETWORK_MIGRATE_X: the source IP address is associated with a different data center (for registration)
• USER_MIGRATE_X: the user whose identity is being used to execute queries is associated with a different data center (for registration)

In all these cases, the error description’s string literal contains the number of the data center (instead of the X) to which the repeated query must be sent.
More information about redirects between data centers »

400 BAD_REQUEST

The query contains errors. In the event that a request was created using a form and contains user generated data, the user should be notified that the data must be corrected before the query is repeated.

Examples of Errors:

• FIRSTNAME_INVALID: The first name is invalid
• LASTNAME_INVALID: The last name is invalid
• PHONE_NUMBER_INVALID: The phone number is invalid
• PHONE_CODE_HASH_EMPTY: phone_code_hash is missing
• PHONE_CODE_EMPTY: phone_code is missing
• PHONE_CODE_EXPIRED: The confirmation code has expired
• API_ID_INVALID: The api_id/api_hash combination is invalid
• PHONE_NUMBER_OCCUPIED: The phone number is already in use
• PHONE_NUMBER_UNOCCUPIED: The phone number is not yet being used
• USERS_TOO_FEW: Not enough users (to create a chat, for example)
• USERS_TOO_MUCH: The maximum number of users has been exceeded (to create a chat, for example)
• TYPE_CONSTRUCTOR_INVALID: The type constructor is invalid
• FILE_PART_INVALID: The file part number is invalid
• FILE_PARTS_INVALID: The number of file parts is invalid
• FILE_PART_X_MISSING: Part X (where X is a number) of the file is missing from storage
• MD5_CHECKSUM_INVALID: The MD5 checksums do not match
• PHOTO_INVALID_DIMENSIONS: The photo dimensions are invalid
• FIELD_NAME_INVALID: The field with the name FIELD_NAME is invalid
• FIELD_NAME_EMPTY: The field with the name FIELD_NAME is missing
• MSG_WAIT_FAILED: A request that must be completed before processing the current request returned an error
• MSG_WAIT_TIMEOUT: A request that must be completed before processing the current request didn’t finish processing yet

401 UNAUTHORIZED

There was an unauthorized attempt to use functionality available only to authorized users.

Examples of Errors:

• AUTH_KEY_UNREGISTERED: The key is not registered in the system
• AUTH_KEY_INVALID: The key is invalid
• USER_DEACTIVATED: The user has been deleted/deactivated
• SESSION_REVOKED: The authorization has been invalidated, because of the user terminating all sessions
• SESSION_EXPIRED: The authorization has expired
• AUTH_KEY_PERM_EMPTY: The method is unavailable for temporary authorization key, not bound to permanent

403 FORBIDDEN

Privacy violation. For example, an attempt to write a message to someone who has blacklisted the current user.

404 NOT_FOUND

An attempt to invoke a non-existent object, such as a method.

406 NOT_ACCEPTABLE

Similar to 400 BAD_REQUEST, but the app must display the error to the user a bit differently.
Do not display any visible error to the user when receiving the rpc_error constructor: instead, wait for an updateServiceNotification update, and handle it as usual.
Basically, an updateServiceNotification popup update will be emitted independently (ie NOT as an Updates constructor inside rpc_result but as a normal update) immediately after emission of a 406 rpc_error: the update will contain the actual localized error message to show to the user with a UI popup.

An exception to this is the AUTH_KEY_DUPLICATED error, which is only emitted if any of the non-media DC detects that an authorized session is sending requests in parallel from two separate TCP connections, from the same or different IP addresses.
Note that parallel connections are still allowed and actually recommended for media DCs.
Also note that by session we mean a logged-in session identified by an authorization constructor, fetchable using account.getAuthorizations, not an MTProto session.

If the client receives an AUTH_KEY_DUPLICATED error, the session is already invalidated by the server and the user must generate a new auth key and login again.

420 FLOOD

The maximum allowed number of attempts to invoke the given method with the given input parameters has been exceeded. For example, in an attempt to request a large number of text messages (SMS) for the same phone number.

Error Example:

• FLOOD_WAIT_X: A wait of X seconds is required (where X is a number)

500 INTERNAL

An internal server error occurred while a request was being processed; for example, there was a disruption while accessing a database or file storage.

If a client receives a 500 error, or you believe this error should not have occurred, please collect as much information as possible about the query and error and send it to the developers.

Other Error Codes

If a server returns an error with a code other than the ones listed above, it may be considered the same as a 500 error and treated as an internal server error.

Появление сообщения об ошибке 401 Unauthorized Error («отказ в доступе») при открытии страницы сайта означает неверную авторизацию или аутентификацию пользователя на стороне сервера при обращении к определенному url-адресу. Чаще всего она возникает при ошибочном вводе имени и/или пароля посетителем ресурса при входе в свой аккаунт. Другой причиной являются неправильные настройки, допущенные при администрировании web-ресурса. Данная ошибка отображается в браузере в виде отдельной страницы с соответствующим описанием. Некоторые разработчики интернет-ресурсов, в особенности крупных порталов, вводят собственную дополнительную кодировку данного сбоя:

• 401 Unauthorized;
• Authorization Required;
• HTTP Error 401 – Ошибка авторизации.

Попробуем разобраться с наиболее распространенными причинами возникновения данной ошибки кода HTTP-соединения и обсудим способы их решения.

Причины появления ошибки сервера 401 и способы ее устранения на стороне пользователя

При доступе к некоторым сайтам (или отдельным страницам этих сайтов), посетитель должен пройти определенные этапы получения прав:

1. Идентификация – получение вашей учетной записи («identity») по username/login или email.
2. Аутентификация («authentic») – проверка того, что вы знаете пароль от этой учетной записи.
3. Авторизация – проверка вашей роли (статуса) в системе и решение о предоставлении доступа к запрошенной странице или ресурсу на определенных условиях.

Большинство пользователей сохраняют свои данные по умолчанию в истории браузеров, что позволяет быстро идентифицироваться на наиболее часто посещаемых страницах и синхронизировать настройки между устройствами. Данный способ удобен для серфинга в интернете, но может привести к проблемам с безопасностью доступа к конфиденциальной информации. При наличии большого количества авторизованных регистрационных данных к различным сайтам используйте надежный мастер-пароль, который закрывает доступ к сохраненной в браузере информации.

Наиболее распространенной причиной появления ошибки с кодом 401 для рядового пользователя является ввод неверных данных при посещении определенного ресурса. В этом и других случаях нужно попробовать сделать следующее:

1. Проверьте в адресной строке правильность написания URL. Особенно это касается перехода на подстраницы сайта, требующие авторизации. Введите правильный адрес. Если переход на страницу осуществлялся после входа в аккаунт, разлогинитесь, вернитесь на главную страницу и произведите повторный вход с правильными учетными данными.
2. При осуществлении входа с сохраненными данными пользователя и появлении ошибки сервера 401 проверьте их корректность в соответствующих настройках данного браузера. Возможно, авторизационные данные были вами изменены в другом браузере. Также можно очистить кэш, удалить cookies и повторить попытку входа. При удалении истории браузера или очистке кэша потребуется ручное введение логина и пароля для получения доступа. Если вы не помните пароль, пройдите процедуру восстановления, следуя инструкциям.
3. Если вы считаете, что вводите правильные регистрационные данные, но не можете получить доступ к сайту, обратитесь к администратору ресурса. В этом случае лучше всего сделать скриншот проблемной страницы.
4. Иногда блокировка происходит на стороне провайдера, что тоже приводит к отказу в доступе и появлению сообщения с кодировкой 401. Для проверки можно попробовать авторизоваться на том же ресурсе с альтернативного ip-адреса (например, используя VPN). При подтверждении блокировки трафика свяжитесь с провайдером и следуйте его инструкциям.

Некоторые крупные интернет-ресурсы с большим количеством подписчиков используют дополнительные настройки для обеспечения безопасности доступа. К примеру, ваш аккаунт может быть заблокирован при многократных попытках неудачной авторизации. Слишком частые попытки законнектиться могут быть восприняты как действия бота. В этом случае вы увидите соответствующее сообщение, но можете быть просто переадресованы на страницу с кодом 401. Свяжитесь с администратором сайта и решите проблему.

Иногда простая перезагрузка проблемной страницы, выход из текущей сессии или использование другого веб-браузера полностью решают проблему с 401 ошибкой авторизации.

Устранение ошибки 401 администратором веб-ресурса 

Для владельцев сайтов, столкнувшихся с появлением ошибки отказа доступа 401, решить ее порою намного сложнее, чем обычному посетителю ресурса. Есть несколько рекомендаций, которые помогут в этом:

• Обращение в службу поддержки хостинга сайта. Как и в случае возникновения проблем с провайдером, лучше всего подробно описать последовательность действий, приведших к появлению ошибки 401, приложить скриншот.
• При отсутствии проблем на стороне хостинг-провайдера можно внести следующие изменения в настройки сайта с помощью строки Disallow:/адрес проблемной страницы. Запретить индексацию страницам с ошибкой в «rоbоts.txt», после чего добавить в файл «.htассеss» строку такого типа:

Redirect 301 /oldpage.html http://site.com/newpage.html.

Где в поле /oldpage.html прописывается адрес проблемной страницы, а в http://site.com/newpage.html адрес страницы авторизации.

Таким образом вы перенаправите пользователей со всех страниц, которые выдают ошибку 401, на страницу начальной авторизации.

• Если после выполнения предыдущих рекомендаций пользователи при попытках авторизации все равно видят ошибку 401, то найдите на сервере файл «php.ini» и увеличьте время жизни сессии, изменив значения следующих параметров: «session.gc_maxlifetime» и «session.cookie_lifetime» на 1440 и 0 соответственно.
• Разработчики веб-ресурсов могут использовать более сложные методы авторизации и аутентификации доступа для создания дополнительной защиты по протоколу HTTP. Если устранить сбой простыми методами администрирования не удается, следует обратиться к специалистам, создававшим сайт, для внесения соответствующих изменений в код.

Хотя ошибка 401 и является проблемой на стороне клиента, ошибка пользователя на стороне сервера может привести к ложному требованию входа в систему. К примеру, сетевой администратор разрешит аутентификацию входа в систему всем пользователям, даже если это не требуется. В таком случае сообщение о несанкционированном доступе будет отображаться для всех, кто посещает сайт. Баг устраняется внесением соответствующих изменений в настройки.

Дополнительная информация об ошибке с кодом 401

Веб-серверы под управлением Microsoft IIS могут предоставить дополнительные данные об ошибке 401 Unauthorized в виде второго ряда цифр:

• 401, 1 – войти не удалось;
• 401, 2 – ошибка входа в систему из-за конфигурации сервера;
• 401, 3 – несанкционированный доступ из-за ACL на ресурс;
• 401, 501 – доступ запрещен: слишком много запросов с одного и того же клиентского IP; ограничение динамического IP-адреса – достигнут предел одновременных запросов и т.д.

Более подробную информацию об ошибке сервера 401 при использовании обычной проверки подлинности для подключения к веб-узлу, который размещен в службе MS IIS, смотрите здесь. 

Следующие сообщения также являются ошибками на стороне клиента и относятся к 401 ошибке:

• 400 Bad Request; 
• 403 Forbidden; 
• 404 Not Found;
• 408 Request Timeout.

Как видим, появление ошибки авторизации 401 Unauthorized не является критичным для рядового посетителя сайта и чаще всего устраняется самыми простыми способами. В более сложной ситуации оказываются администраторы и владельцы интернет-ресурсов, но и они в 100% случаев разберутся с данным багом путем изменения настроек или корректировки html-кода с привлечением разработчика сайта.