HTTP headers / response header
WWW-Authenticate: Bearer realm="api", error="invalid_token"
Sent with 401 responses to tell the client which authentication scheme and parameters the server expects. The error/error_description params in Bearer challenges often name the exact problem.
Many APIs skip it, which is why a bare 401 is so annoying to debug — read it when present, it is the server telling you what it wants.
The fastest way to see what WWW-Authenticate is actually doing is to send the request and read both sides raw — ReqPad shows auto-generated and custom headers for every request, on all six protocols, with history. Related references: status codes · Content-Encoding · Transfer-Encoding · ETag · Last-Modified · Expires · Location
Build the request, send it, read raw headers and timing — from your iPhone. Free to start.