token-unauthorized

Type URI: https://developer.risepeople.com/errors/token-unauthorized
HTTP status: 401 Unauthorized
Format: application/problem+json (RFC 7807)

When this fires

The platform couldn't establish who you are. One of:

  • No Authorization header on the request, or the header didn't start with Bearer .
  • Malformed JWT — wrong number of segments, invalid base64, missing required claims.
  • Expired token — the exp claim is in the past. Refresh.
  • Bad signature — the JWT was tampered with, or signed with a key the platform doesn't recognize.
  • Revoked token: POST /oauth/revoke was called on this token.

Example response

{
  "type": "https://developer.risepeople.com/errors/token-unauthorized",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Bearer token is missing or invalid.",
  "instance": "/v1/employees"
}

How to fix it

  1. Check the header. It must be exactly Authorization: Bearer <token>. Common slips: missing Bearer , extra whitespace, lowercase bearer.
  2. If the token is expired, use the refresh token flow to get a new access token. Refreshing rotates the refresh token too — discard the old one.
  3. If the signature is invalid, make sure you're using a token issued by the production OAuth endpoint (https://api.risepeople.com/v1/oauth/token) and that you haven't accidentally truncated, re-encoded, or hand-edited it.
  4. If the token was revoked, mint a new one via the same flow you used originally — Client Credentials or Authorization Code with PKCE.
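
The checks in steps 1 and 2 can be run on the client before a request is sent. The following is an added example, not code from the Rise platform: the function names and reason codes are hypothetical, and it assumes exp is the only claim worth checking locally, since the page does not list the other required claims.

```python
import base64
import json
import re
import time

B64URL = re.compile(r"[A-Za-z0-9_-]+")  # base64url alphabet, no padding

def _segment_json(segment):
    """Strictly decode one base64url JWT segment into a JSON object."""
    if not B64URL.fullmatch(segment):
        raise ValueError("not base64url")
    raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    obj = json.loads(raw)
    if not isinstance(obj, dict):
        raise ValueError("not a JSON object")
    return obj

def diagnose(header_value, now=None):
    """Return the first locally visible cause of a 401, or 'locally-ok'."""
    now = time.time() if now is None else now
    if not header_value:
        return "missing-header"
    if not header_value.startswith("Bearer "):
        return "bad-scheme"  # lowercase "bearer", or no scheme at all
    token = header_value[len("Bearer "):]
    if token != token.strip():
        return "extra-whitespace"
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed-segments"
    try:
        _segment_json(parts[0])           # header segment
        claims = _segment_json(parts[1])  # payload segment
    except ValueError:
        return "malformed-encoding"
    if not B64URL.fullmatch(parts[2]):
        return "malformed-encoding"
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return "missing-exp"
    if exp <= now:
        return "expired"  # step 2: use the refresh token flow
    return "locally-ok"  # signature and revocation are decided by the server

def sample_token(exp):
    """Constructed, unsigned sample token; the signature is a placeholder."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc({"sub": "sample", "exp": exp}), "c2ln"])
```

diagnose() returns only a reason code, so the result can be logged without writing the token itself to the log. A "locally-ok" result followed by a 401 leaves the two server-side causes: bad signature or revocation.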

If you need to distinguish "missing token" from "scope problem," compare to insufficient-scope: 401 means we don't know who you are, 403 means we know you but you can't do this.