## API and authentication issues

This section addresses common API and authentication issues:

- [Why do I get a 401 error on refresh requests?](#why-do-i-get-401-error-on-refresh-requests)
- [What does “redirect_uri_message” mean?](#what-does-redirect_uri_message-mean)

### Why do I get a 401 error on refresh requests?

Frontegg sends a refresh cookie in refresh requests to `/user/token/refresh`. If the user's refresh token is valid, a new refresh cookie will be returned. However, there are several scenarios where a refresh request may result in a 401 response:

#### 1. Expected behavior during login checks

If you see a 401 error on a refresh request when the login box loads, this is expected behavior. Frontegg uses this check to determine if the user is already logged in:

- If the user is logged in, they are redirected directly to your app.
- If the user is not logged in, they are prompted to log in.

#### 2. Refresh request errors after login attempts

A 401 error on the refresh request (`/user/token/refresh`) after a user attempts to log in is often caused by **blocked third-party cookies**. Safari, incognito mode, and mobile browsers frequently block third-party cookies by default, which prevents the refresh cookie from being validated and leads to 401 errors.

#### Resolution

To address this, we recommend using a custom domain. Follow the steps in the [Adding Custom Domain guide](/ciam/guides/env-settings/custom-domain) to configure one.

Once you have set up a custom domain, update your `contextOptions` configuration to replace your Frontegg domain (`baseURL`) with your custom domain.

### What does “redirect_uri_message” mean?

When using Frontegg's hosted solution, any redirect URLs you intend to use must be explicitly authorized. If you attempt to redirect to a URL that has not been added, you will encounter the following error: `"errors":["Redirect uri wasn't found"]`.

#### Steps to resolve the issue:

1. Open the **Frontegg portal**.
2. Navigate to: [ENVIRONMENT] ➜ Configurations ➜ Authentication ➜ Login method.
3. Under the **Hosted login** section, add the URL you are attempting to redirect to in the **URLs** field.

Once the URL has been added, try the redirect again, and it should work without issues.
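
For the 401 refresh errors caused by blocked third-party cookies (described earlier on this page), the following added example, which is not Frontegg code, checks whether the domain that sets the refresh cookie is same-site with your app, which is what a custom domain changes. The function names, the short suffix list and all hostnames are assumptions constructed for illustration; a production check should use the full Public Suffix List.

```javascript
// Constructed stand-in for the Public Suffix List (assumption, not exhaustive).
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp"]);

// Return the registrable domain (eTLD+1) of a hostname,
// e.g. "auth.example.co.uk" -> "example.co.uk".
function registrableDomain(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  // IPv4 literals have no registrable domain; compare them as-is.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return host;
  const labels = host.split(".");
  if (labels.length <= 2) return host; // "localhost", "example.com", "[::1]"
  const lastTwo = labels.slice(-2).join(".");
  const take = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 3 : 2;
  return labels.slice(-take).join(".");
}

// Classify the cookie set by authBaseUrl (hypothetical parameter: the domain
// your login configuration points at) when the page is served from appUrl.
// Browsers treat it as first-party only if scheme and eTLD+1 both match.
function refreshCookieContext(appUrl, authBaseUrl) {
  const app = new URL(appUrl);
  const auth = new URL(authBaseUrl);
  const appSite = registrableDomain(app.hostname);
  const authSite = registrableDomain(auth.hostname);
  const sameSite = app.protocol === auth.protocol && appSite === authSite;
  return {
    appSite,
    authSite,
    thirdParty: !sameSite,
    advice: sameSite
      ? "first-party: refresh cookie is sent with /user/token/refresh"
      : "third-party: refresh cookie may be blocked, expect 401 on refresh",
  };
}

// Constructed sample inputs: a default vendor-hosted domain versus a custom
// subdomain of the app's own site.
const samples = [
  ["https://app.example.com", "https://your-subdomain.frontegg.com"],
  ["https://app.example.com", "https://auth.example.com"],
  ["http://localhost:3000", "https://auth.example.com"],
];
for (const [appUrl, authBaseUrl] of samples) {
  const r = refreshCookieContext(appUrl, authBaseUrl);
  console.log(`${appUrl} -> ${authBaseUrl}: ${r.advice}`);
}
```

The third sample shows why local development over `http://localhost` can still produce the 401 even after the custom domain is in place: the scheme and site both differ from the auth domain.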