# Authentication Failed

Authentication failed because the token is missing, invalid, or expired. The API cannot verify the identity of the caller.

**HTTP Status:** `401 Unauthorized`

## Error Codes

| Code | Description |
|  --- | --- |
| `missing_token` | No `Authorization` header provided |
| `invalid_token` | The token is not recognized or was revoked |
| `token_expired` | The token has expired -- obtain a new one via `/auth/token` |
| `invalid_client` | The client ID is not recognized |
| `invalid_client_secret` | The client secret does not match |
| `credential_revoked` | The API credential has been revoked |
| `credential_expired` | The API credential has expired |


## Example Response


```json
{
  "type": "https://docs.dinie.com/errors/authentication-failed",
  "title": "Unauthorized",
  "status": 401,
  "detail": "The access token has expired. Please request a new token.",
  "code": "token_expired"
}
```

## How to Resolve

- **`missing_token`** -- Include the `Authorization: Bearer <token>` header in every request.
- **`invalid_token`** -- Verify you are using the correct token. If the credential was revoked, create a new one via `/auth/credentials`.
- **`token_expired`** -- Tokens expire after 1 hour. Request a new token from `POST /auth/token` and cache it until expiry. See [Authentication](/en-us/apis/concepts/authentication) for token refresh patterns.
- **`invalid_client` / `invalid_client_secret`** -- Verify your client credentials. Check for extra whitespace or encoding issues.
- **`credential_revoked`** -- Create a new credential via `POST /auth/credentials`.
- **`credential_expired`** -- Create a new credential. Consider setting a longer or no expiration.


## See Also

- [Authentication guide](/en-us/apis/concepts/authentication) -- Token management and refresh
- [Error Handling guide](/en-us/apis/concepts/errors) -- Full error handling patterns and code examples