401.002.01Daraja API error

M-Pesa error 401.002.01: Unauthorized — invalid or expired access token

This is a Daraja API error — Safaricom rejects the request itself, before any customer prompt, usually over authentication or payload validation.

What causes it

The OAuth access token is missing, malformed, or expired (tokens have a ~1 hour TTL), returning HTTP 401.

How to fix it

Request a fresh token and send it as an 'Authorization: Bearer <token>' header, refreshing before expiry.

How paylod handles this

paylod manages Daraja OAuth tokens, request signing, and payload formatting for you — the whole class of authentication and malformed-request errors is handled by the wrapper, so you send one clean REST call and get a typed response.

See the paylod M-Pesa API

Related M-Pesa error codes

Sources