Appearance

unauthorized

unauthorized

Description

The request is missing valid authentication credentials.

HTTP Status

401 Unauthorized

doc_url Format

The doc_url value is an absolute URL and changes by environment:

<docs-base-url>/errors/unauthorized

Typical Causes

  • Missing session cookie or bearer token.
  • Invalid or expired bearer token.
  • Missing client certificate serial header or malformed serial on /v1/auth/token.
  • Invalid credentials on /v1/auth/login or /v1/auth/token.
  • Missing, invalid, or expired access token on /v1/auth/me.
  • Missing bearer token on POST /v1/support/subscribers/{subscriberId}/requests (NO_SESSION).
  • Inactive or expired bearer token on POST /v1/support/subscribers/{subscriberId}/requests (SESSION_EXPIRED).
  • Malformed bearer token on POST /v1/support/subscribers/{subscriberId}/requests (INVALID_BEARER_TOKEN).
  • Missing bearer token on GET /v1/billing/commissions or GET /v1/billing/commissions/{commissionId}/download (NO_SESSION).
  • Inactive or expired bearer token on billing commission endpoints (SESSION_EXPIRED).
  • Malformed bearer token on billing commission endpoints (INVALID_BEARER_TOKEN).
  • Missing bearer token on POST /v1/total-surrender/policies/{policyId}/declarations or GET /v1/total-surrender/policies/{policyId}/declarations/{declarationId} (NO_SESSION).
  • Inactive or expired bearer token on total-surrender declaration endpoints (SESSION_EXPIRED).
  • Malformed bearer token on total-surrender declaration endpoints (INVALID_BEARER_TOKEN).
  • Missing bearer token on POST /v1/partial-surrender/policies/{policyId}/compartments/{compartmentId}/declarations or GET /v1/partial-surrender/policies/{policyId}/compartments/{compartmentId}/declarations/{declarationId} (NO_SESSION).
  • Inactive or expired bearer token on partial-surrender declaration endpoints (SESSION_EXPIRED).
  • Malformed bearer token on partial-surrender declaration endpoints (INVALID_BEARER_TOKEN).
  • Missing bearer token on GET /v1/death-settlement/policies/{policyId}/standard-beneficiary-designations, GET /v1/death-settlement/policies/{policyId}/beneficiary-designation, or PUT /v1/death-settlement/policies/{policyId}/beneficiary-designation (NO_SESSION).
  • Inactive or expired bearer token on death-settlement beneficiary-designation endpoints (SESSION_EXPIRED).
  • Malformed bearer token on death-settlement beneficiary-designation endpoints (INVALID_BEARER_TOKEN).
  • Missing bearer token on POST /v1/pay-out/subscribers/{subscriberId}/ibans or PATCH /v1/pay-out/subscribers/{subscriberId}/ibans/{iban}/make-default (NO_SESSION).
  • Inactive or expired bearer token on pay-out IBAN endpoints (SESSION_EXPIRED).
  • Malformed bearer token on pay-out IBAN endpoints (INVALID_BEARER_TOKEN).
  • Missing bearer token on subscription endpoints, including POST /v1/subscription/subscribers, POST /v1/subscription/insurees, POST /v1/subscription/subscribers/{subscriberId}/subscriptions, GET /v1/subscription/subscriptions/{subscriptionId}, and all document/signing/withdraw routes (NO_SESSION).
  • Inactive or expired bearer token on subscription endpoints (SESSION_EXPIRED).
  • Malformed bearer token on subscription endpoints (INVALID_BEARER_TOKEN).
  • Missing, invalid, or expired bearer token on compartment-lifecycle endpoints.
  • Signature verification failed for webhook requests.

Example

Response:

json
{
  "errors": [
    {
      "code": "unauthorized",
      "message": "NO_SESSION",
      "doc_url": "https://docs.example.com/errors/unauthorized"
    }
  ]
}

How To Fix

  1. Provide a valid authentication token or signature.
  2. Sign in again if the session expired.
  3. Retry with corrected authentication credentials.