# 407 Proxy Authentication Required

> https://http-status.org/docs/407

**Family:** 4xx Client Error

## Rationale

The client must authenticate with a proxy before making the request.

## In Plain Terms

You need to authenticate with the proxy server first before it will forward your request to the destination.

## Description

The HTTP 407 Proxy Authentication Required status code indicates that the client must first authenticate itself with the proxy before the request can be fulfilled.

## Server Perspective

### Usage
- Return 407 from the proxy, not the origin server
- Use it when the client must authenticate to the intermediary itself
- Typical case: a corporate proxy that requires authentication
- Typical case: authenticated proxy servers
- Typical case: network security proxy authentication
- Typical case: content filtering proxy login

### Implementation
- Include Proxy-Authenticate so the client knows which proxy auth scheme to use
- Expect the retried request to carry Proxy-Authorization
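
The two points above, as a proxy-side check in Python. This is an added example, not code from the original page: the `USERS` store and the function names `challenge`, `parse_basic` and `handle` are hypothetical, the realm is taken from the example response on this page, and the Basic scheme is assumed.

```python
import base64
import hmac

REALM = "corporate-proxy"                  # realm from this page's example response
USERS = {"alice": "constructed-password"}  # constructed sample credential store

def challenge():
    """Build the 407 response: challenge header plus a body with no credential details."""
    headers = {"Proxy-Authenticate": f'Basic realm="{REALM}"'}
    return 407, headers, "Proxy authentication required.\n"

def parse_basic(value):
    """Return (user, password) from a Basic credential, or None if malformed."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # ValueError covers bad base64, non-ASCII input and invalid UTF-8.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:
        return None
    user, sep, password = decoded.partition(":")   # password may itself contain ':'
    return (user, password) if sep else None

def handle(request_headers):
    """Proxy-side decision: (407, headers, body) or (None, headers_to_forward, None)."""
    headers = {k.lower(): v for k, v in request_headers.items()}
    creds = parse_basic(headers.get("proxy-authorization", ""))
    if creds is None:
        return challenge()
    user, password = creds
    expected = USERS.get(user, "")
    # Constant-time comparison; unknown users still go through compare_digest.
    ok = hmac.compare_digest(password.encode(), expected.encode()) and user in USERS
    if not ok:
        return challenge()      # same response for missing, malformed or wrong credentials
    # Proxy credentials are for this hop only: drop them before forwarding.
    # The origin's own Authorization header is left untouched.
    forward = {k: v for k, v in headers.items() if k != "proxy-authorization"}
    return None, forward, None
```

Basic credentials are only base64-encoded, so the client-to-proxy hop needs TLS for this scheme to protect them.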

### Common Headers
- Proxy-Authenticate

### Body
- Optionally include a short proxy-authentication error; avoid leaking credential details.

### Pitfalls
- Do not confuse 407 proxy auth with 401 origin-server auth
- Do not rely on origin-application error handling to explain proxy failures clearly
- Do not use 407 for origin server authentication (use 401 Unauthorized)
- Do not use 407 for general authorization issues (use 403 Forbidden)
- Do not use 407 for network-level auth (use 511 Network Authentication Required)

## Client Perspective

### Pitfalls
- Do not treat 407 like a normal application 401 error

## Examples

### Corporate proxy authentication

The client must provide credentials to the corporate proxy before accessing external sites.

**Request:**
```
GET https://api.example.test/external-resource HTTP/1.1
Host: api.example.test
```

**Response:**
```
HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: Basic realm="corporate-proxy"
```

## Related Codes

- [401 Unauthorized](/docs/401.md)

