
Thursday 14 July 2022

HTTP status codes: 401 vs 403

401 is about failed authentication: I say who I am, do you believe me? If not, respond with 401 Unauthenticated.

Example: login failed due to invalid credentials.


403 is about failed authorization: my authentication is accepted, can I access this? If not, respond with 403 Unauthorized.

Example: access to a specific resource is not permitted with my role.
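
The two checks above as one request decision, in an added example that is not from the original post. The names `USERS`, `ACL`, `decide` and `basic` and all sample credentials are hypothetical; the status lines use the standard reason phrases, "401 Unauthorized" for the unauthenticated case and "403 Forbidden" for the unauthorized case.

```python
import base64, hashlib, hmac

SALT = b"constructed-salt"  # constructed sample value

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)

# Constructed sample data: user -> (password hash, role); resource -> allowed roles
USERS = {"alice": (_hash("alice-pw"), "admin"), "bob": (_hash("bob-pw"), "viewer")}
ACL = {"/reports": {"admin", "viewer"}, "/admin": {"admin"}}
CHALLENGE = {"WWW-Authenticate": 'Basic realm="example"'}

def authenticate(authorization):
    """Return the user name if the Basic credentials are valid, else None."""
    if not authorization or not authorization.startswith("Basic "):
        return None
    try:
        raw = base64.b64decode(authorization[6:], validate=True)
        user, _, password = raw.decode("utf-8").partition(":")
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    stored = USERS.get(user)
    # Hash even for unknown users so both failure paths do the same work.
    expected = stored[0] if stored else _hash("")
    ok = hmac.compare_digest(_hash(password), expected)
    return user if (stored and ok) else None

def decide(authorization, resource):
    """Return (status line, extra response headers) for a request."""
    user = authenticate(authorization)
    if user is None:
        # Identity not established: a 401 carries a WWW-Authenticate challenge.
        return "401 Unauthorized", CHALLENGE
    # Deny by default: a resource with no ACL entry allows no role.
    if USERS[user][1] not in ACL.get(resource, set()):
        # Identity accepted, but this role may not access the resource.
        return "403 Forbidden", {}
    return "200 OK", {}

def basic(user, password):
    """Build a Basic Authorization header value for the sample requests."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```

Retrying with different credentials can change a 401 into a success, while a 403 stays a 403 until the caller's role or the ACL changes.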