Example HTTP Response
HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="Proxy"- Corporate proxy requiring login
- Proxy credentials expired
- Missing proxy authentication
What does this mean?
The middleman needs ID too! Before reaching your destination, you need to prove yourself to the proxy server.
Technical Definition
The client must first authenticate itself with the proxy.
RFC Says
"The 407 (Proxy Authentication Required) status code is similar to 401 (Unauthorized), but it indicates that the client needs to authenticate itself in order to use a proxy. The proxy MUST send a Proxy-Authenticate header field containing a challenge applicable to that proxy for the target resource."
Plain English:
407 means 'You need to log in to the proxy server first.' Unlike 401 which is about authenticating with the destination server, 407 is specifically about authenticating with an intermediate proxy server that sits between you and the destination.
Common Misinterpretation
Don't confuse 407 with 401. Use 407 only when a proxy server needs authentication, not when your application server needs it. Most developers will never need to return 407 since it's specific to proxy server implementations.
Ready-to-use code for returning this HTTP status in your application:
// Express.js
app.get('/example', (req, res) => {
res.status(407).json({
error: 'Proxy Authentication Required',
message: 'Your error message here'
});
});
// Native HTTP
const http = require('http');
http.createServer((req, res) => {
res.writeHead(407, { 'Content-Type': 'application/json' });
res.end(JSON.stringify({
error: 'Proxy Authentication Required',
message: 'Your error message here'
}));
}).listen(3000);