Error 401 Unauthorized shows up when ChatGPT or the OpenAI API rejects your login token or API key during a request. It can appear mid-session on the iOS or Mac app after a routine update, or in a terminal the moment an API call goes out, and in both cases the request never actually reaches your account data because the credential check fails first. This guide covers the exact causes and fixes for both app users and developers working with the API.

What Causes Error 401 in ChatGPT
The error appears when the server cannot verify who you are, even though the request itself reaches OpenAI correctly. Community reports point to three separate layers where this breaks down, and identifying which layer applies to you determines the fix.
On mobile and desktop apps, the local session token stops matching OpenAI’s records after a background update rewrites parts of the app. On the API side, most 401s trace back to a key that was revoked, regenerated elsewhere, or typed with a stray character, plus headers built by AI-generated or third-party wrapper code that don’t follow the current auth format. On managed networks, a security appliance sitting between the device and OpenAI can alter the request before it ever reaches OpenAI’s servers, which produces the same error code for a completely different reason.
Fix 1: Switch From the App to a Web Browser
If you see “Unusual activity has been detected from your device” on iOS or Mac, this is almost always a version mismatch after an automatic update, not an account restriction.
- Do not delete and reinstall the app. Reinstalling does not clear a server-side version flag and only wastes time.
- Open Chrome, Safari, or Edge and go directly to chatgpt.com.
- Log in with your normal credentials. Your chat history is stored in the cloud, so nothing is lost by switching from app to browser.
- If you hit a login loop on the web too, clear your browser cache and cookies for chatgpt.com, then log in again.
Fix 2: Regenerate and Correctly Format Your API Key
Developers seeing 401: Incorrect API key provided should treat a fresh key as the first diagnostic step.
- Log into the OpenAI developer dashboard and open Settings > API Keys.
- Click Create new secret key, copy it immediately, and delete the old key so nothing in your system keeps caching it.
- Confirm your authorization header uses the correct Bearer format:
Authorization: Bearer YOUR_API_KEY. - If you work inside an organization, check for an org ID mismatch and pass
OpenAI-Organization: org-yourorgidif needed. - Avoid asking ChatGPT to write your own API authentication code. Models with older training data can reference deprecated endpoints, so cross-check against the live OpenAI API authentication docs instead.
- If a third-party wrapper library handles your requests, switch back to the official SDK. Run
pip install openaifor Python ornpm install openaifor Node.js.
Fix 3: Check for Corporate Proxy Interference
If the 401 only happens on a work or school network, and works fine over mobile data, a network inspection tool is likely the cause. Developer reports on GitHub point to Cisco Umbrella intercepting requests to chatgpt.com and issuing a 302 redirect through its inspection gateway, which breaks CLI tools like Codex even though browsers handle the redirect transparently.
- Test on a different network, such as a phone hotspot, to confirm the proxy is the issue.
- Ask your IT team to check whether any system between your device and OpenAI inspects or rewrites traffic to chatgpt.com or api.openai.com.
- Request that they whitelist these endpoints so the Authorization header passes through unmodified.
How to Check If ChatGPT Is Down
Before changing any settings, rule out a server-side outage.
- Visit the OpenAI Status Page.
- Check the status for both “chatgpt.com” and “API” separately, since one can be affected while the other works fine.
- If an incident is listed for iOS, treat macOS as likely affected too, since the two often share the same underlying issue.
Frequently Asked Questions
Will I lose my chat history if I switch from the app to the browser?
No. Chat history syncs to your account in the cloud rather than being stored locally on the device, so it appears as normal after logging in through a browser.
Does regenerating my API key affect other apps using the same account?
Only the specific key you delete stops working. Any other keys tied to your account keep functioning, so update just the app or script that was throwing the 401 with the new key.
How do I fix a ChatGPT network proxy 401 error?
A corporate firewall or inspection proxy is likely stripping or altering the Authorization header before it reaches OpenAI. Ask your IT department to whitelist the ChatGPT and API endpoints without inspecting that traffic.
Why do I keep getting error 401 on ChatGPT?
The connection fails a credential check. On the app, it is usually a version mismatch after an update. On the API, it means the key is invalid, revoked, or the headers are formatted incorrectly.
Can a VPN cause a ChatGPT 401 error?
Yes, in some cases. A VPN that routes traffic through a flagged or shared IP range can trigger the same authentication rejection as a corporate proxy. Try disabling the VPN and logging in again to see if the error clears.