HTTP vs SIP

HTTP 401 Unauthorized vs SIP 401 Unauthorized

HTTP and SIP both use 401 Unauthorized to indicate missing or invalid authentication, reflecting SIP's design heritage from HTTP. Despite sharing the same code and name, the authentication mechanisms differ significantly between web APIs and VoIP systems.

Description

The request requires user authentication. The response includes a WWW-Authenticate header indicating the authentication scheme.

When you see it

When accessing a protected resource without credentials or with expired tokens.

How to fix

Include valid authentication credentials (API key, Bearer token, Basic auth) in the Authorization header.

Description

The request requires user authentication. The response includes a WWW-Authenticate header with a challenge for the realm.

When you see it

When making a request that requires Digest authentication. Common for REGISTER and INVITE requests to authenticated SIP trunks.

How to fix

Resend the request with a proper Authorization header containing valid credentials (Digest authentication).

Key differences

1. HTTP 401 typically uses Bearer tokens, API keys, or session cookies; SIP 401 uses Digest authentication with nonces.

2. SIP 401 includes a WWW-Authenticate header with a realm and nonce for Digest auth; HTTP 401 may use various schemes.

3. SIP authentication happens during call setup (INVITE); HTTP authentication happens per request.

4. SIP 401 triggers a re-INVITE with credentials in the Authorization header; HTTP 401 triggers a retry with auth headers.

5. SIP borrowed the 401 code from HTTP/1.1; the semantics are the same, but the auth protocols differ.

When to use which

In HTTP, return 401 when a request lacks valid credentials (missing or expired JWT, invalid API key). In SIP, the registrar or proxy returns 401 when a UA (phone/softphone) has not authenticated for REGISTER or INVITE. The SIP client should retry with Digest credentials computed from the nonce in the challenge.
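The Digest computation the SIP client performs on that retry, as an added example that is not part of the original page: it parses the challenge from a 401 and computes the response for algorithm MD5 as defined in RFC 2617, the scheme RFC 3261 adopts. The challenge, user name, password and request URI are constructed sample values, and the function names are this example's own.

```python
import hashlib
import re

def parse_challenge(value):
    """Split a Digest challenge (WWW-Authenticate value) into a dict."""
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {k.lower(): quoted or bare for k, quoted, bare in pairs}

def _h(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(ch, user, password, method, uri, cnonce=None, nc=1):
    """Compute the Digest 'response' value for algorithm MD5."""
    if ch.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("only MD5 is handled in this example")
    ha1 = _h(f"{user}:{ch['realm']}:{password}")   # identity + secret
    ha2 = _h(f"{method}:{uri}")                    # binds method and URI
    qops = [q.strip() for q in ch.get("qop", "").split(",") if q.strip()]
    if not qops:  # legacy challenge without qop
        return _h(f"{ha1}:{ch['nonce']}:{ha2}")
    if "auth" not in qops or cnonce is None:
        raise ValueError("need qop=auth and a client nonce")
    return _h(f"{ha1}:{ch['nonce']}:{nc:08x}:{cnonce}:auth:{ha2}")

def authorization_header(ch, user, password, method, uri, cnonce=None, nc=1):
    """Build the Authorization value for the retried request."""
    resp = digest_response(ch, user, password, method, uri, cnonce, nc)
    fields = [f'username="{user}"', f'realm="{ch["realm"]}"',
              f'nonce="{ch["nonce"]}"', f'uri="{uri}"', f'response="{resp}"',
              "algorithm=MD5"]
    if ch.get("qop"):
        fields += ["qop=auth", f"nc={nc:08x}", f'cnonce="{cnonce}"']
    if "opaque" in ch:
        fields.append(f'opaque="{ch["opaque"]}"')
    return "Digest " + ", ".join(fields)

# Constructed 401 challenge for a REGISTER (all values are made up).
CHALLENGE = ('Digest realm="sip.example.test", nonce="8f1c2d3e4a5b", '
             'qop="auth", algorithm=MD5')

if __name__ == "__main__":
    ch = parse_challenge(CHALLENGE)
    print("Authorization:", authorization_header(
        ch, "alice", "constructed-password", "REGISTER",
        "sip:sip.example.test", cnonce="0a4f113b"))
```

The password never crosses the wire; only the hash bound to the server's nonce, the method and the URI does, which is why a captured Authorization header cannot simply be replayed against a fresh nonce.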
