The N8N webhook in Basic Auth mode returns a 401 when no credentials are supplied and a 403 when invalid credentials are supplied. This seems to disagree with RFC7235: it should return a 401 in both cases.
Returning a 403 means that a browser won’t try to respond with correct credentials for the appropriate realm, which makes it difficult to have multiple webhooks with different usernames/passwords.
Yeah, this is definitely an RFC violation. You’re right that both missing and invalid credentials should return 401 with the WWW-Authenticate header so the browser knows to prompt again. Looks like it already got picked up and filed as a GitHub issue, so hopefully it gets patched soon. In the meantime, if you need the browser auth flow working, you could put a reverse proxy like nginx in front and handle the Basic Auth there instead of using n8n’s built-in auth; that way you control the response codes.
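The behaviour discussed above, as an added example that is not part of the original posts and is not n8n's code: a decision function that answers missing, malformed and wrong credentials with the same 401 challenge for that webhook's realm. The webhook paths, users, passwords and the function names are constructed for illustration.

```javascript
// Constructed per-webhook credential table (hypothetical paths, users, passwords).
const WEBHOOKS = new Map([
  ['/webhook/orders', { realm: 'orders', user: 'alice', pass: 'order:pass' }],
  ['/webhook/billing', { realm: 'billing', user: 'bob', pass: 's3cret' }],
]);

// Compare without stopping at the first mismatching byte, so response timing
// does not reveal how much of a guess was right. (Node's crypto.timingSafeEqual
// does the same for equal-length buffers.)
function safeEqual(a, b) {
  const x = Buffer.from(a, 'utf8');
  const y = Buffer.from(b, 'utf8');
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Returns { user, pass }, or null for a missing or malformed Authorization header.
function parseBasic(header) {
  const m = /^Basic\s+([A-Za-z0-9+/=]+)\s*$/i.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // only the first colon separates user and password
  if (sep < 0) return null;
  return { user: decoded.slice(0, sep), pass: decoded.slice(sep + 1) };
}

// Decide the status and headers for a request to `path` carrying `authHeader`.
function authorize(path, authHeader) {
  const hook = WEBHOOKS.get(path);
  if (!hook) return { status: 404, headers: {} };
  const creds = parseBasic(authHeader);
  // Evaluate both comparisons even when the user name is already wrong.
  const userOk = creds !== null && safeEqual(creds.user, hook.user);
  const passOk = creds !== null && safeEqual(creds.pass, hook.pass);
  if (userOk && passOk) return { status: 200, headers: {} };
  // Same challenge for every failure: the browser re-prompts for this realm
  // instead of giving up, which a 403 would cause.
  return {
    status: 401,
    headers: { 'WWW-Authenticate': `Basic realm="${hook.realm}", charset="UTF-8"` },
  };
}
```

Because each webhook advertises its own realm, a browser can hold separate credentials per webhook and retry with the right pair.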
@Mookie_Lian I don’t have bots. I used to, but my wifi went out a few days ago and some double posting happened. If I had bots, the forum would be unfair.