Face Liveness SDK Package Authentication Failure (E401)

Hello Akesh Mohanan Webotix,

Welcome to Microsoft Q&A and Thank you for reaching out.

I understand why this is confusing the E401 error strongly suggests a credential problem, but in this case the issue is not with your Face API or Limited Access approval, and re-generating Face API tokens will not resolve it.

Key clarification

The Face Liveness Web SDK package (@azure/ai-vision-face-ui) is hosted in a private Azure DevOps Artifacts npm feed, and:

Face API keys or Face API bearer tokens cannot authenticate to this feed

Limited Access approval enables use of the Face Liveness feature, but does not automatically grant access to the DevOps npm registry

That’s why npm returns:

E401 – Incorrect or missing password

Even when Face API authentication is working correctly.

Correct authentication method for the npm feed

The registry

https://pkgs.dev.azure.com/msface/SDK/_packaging/AzureAIVision/npm/registry/

only accepts Azure DevOps credentials, not Azure AI / Face API tokens.

Supported option: Azure DevOps Personal Access Token (PAT)

Sign in to Azure DevOps (any organization you have access to)

Create a Personal Access Token (PAT) with:

• Scope: Packaging → Read

Base64-encode the PAT:

echo -n :<PAT> | base64

Configure .npmrc like this:

@azure:registry=https://pkgs.dev.azure.com/msface/SDK/_packaging/AzureAIVision/npm/registry/
//pkgs.dev.azure.com/msface/SDK/_packaging/AzureAIVision/npm/registry/:username=any
//pkgs.dev.azure.com/msface/SDK/_packaging/AzureAIVision/npm/registry/:_password=<BASE64_PAT>
//pkgs.dev.azure.com/msface/SDK/_packaging/AzureAIVision/npm/registry/:email=unused@example.com
always-auth=true

The username and email values are ignored; only the PAT is used.

What will not work

Face API keys

Face API OAuth / bearer tokens

Tokens generated from the Face API endpoint

Azure subscription credentials or Managed Identity

If any of these are placed in .npmrc, npm will always return E401.

Please refer this

• What is the Azure AI Face service?
• Quickstart: Use the Face service
• Tutorial: Detect liveness in faces

I Hope this helps. Do let me know if you have any further queries.

Thank you!

Hi ,

Thanks for reaching out to Microsoft Q&A.

Face API keys or tokens do not authenticate to the private npm feed. @azure/ai-vision-face-ui is hosted in Azure DevOps Artifacts, which only accepts Azure DevOps credentials. Use an Azure DevOps PAT + user identity. If PAT cannot authenticate, your org or user is not added to the msface ADO feed and Microsoft support must enable it.

Summary of what you really need to do:

1. Create a Personal Access Token (PAT) under the ADO org msface (not your tenant, not your subscription, not Face API) Azure DevOps → User Settings -> Personal Access Token Scopes required: Packaging (Read)
2. Base64-encode PAT with your ADO user name format: <ado-username>:<PAT> (Convert to base64 and paste into .npmrc)
3. Do not use accessToken from the Face endpoint That token only authorizes API calls, not private package feeds.
4. You must be whitelisted for the DevOps org Limited Access means Microsoft has granted your tenant access, but your user must still be listed on the ADO feed. If your PAT still fails, request Microsoft to:
   • add your Azure AD user/service principal to the DevOps feed

Please 'Upvote'(Thumbs-up) and 'Accept' as answer if the reply was helpful. This will be benefitting other community members who face the same issue.