/kraken/user requires an auth token with the user_read scope. If you’re doing requests to that yourself, change them to use /kraken/users/:id, which does not require auth. The embedded player does a request to that endpoint too, but in its case 401 is not an error, it’s just a status code: the viewer is not logged in.