HTTP Status Codes Reference

http api reference


Quick Reference by Category

1xx: Informational

CodeNameDescription
100ContinueClient can continue sending the rest of the request
101Switching ProtocolsServer agrees to switch protocols (e.g., WebSocket upgrade)

2xx: Success

CodeNameDescription
200OKRequest succeeded
201CreatedNew resource created successfully
202AcceptedRequest accepted for processing (async)
204No ContentSuccess, but no content in response body

3xx: Redirection

CodeNameDescription
301Moved PermanentlyResource permanently moved to new URL
302FoundResource temporarily moved (commonly misused)
303See OtherRedirect to different URI using GET
304Not ModifiedResource unchanged; use cached version
307Temporary RedirectTemporary redirect, preserve method
308Permanent RedirectPermanent redirect, preserve method

4xx: Client Error

CodeNameDescription
400Bad RequestMalformed syntax or invalid request
401UnauthorizedAuthentication required or failed
403ForbiddenAuthenticated but not authorized
404Not FoundResource doesn’t exist
405Method Not AllowedHTTP method not supported for this resource
409ConflictRequest conflicts with current state
410GoneResource permanently deleted
422Unprocessable EntityValidation error (WebDAV, common in APIs)
429Too Many RequestsRate limit exceeded

5xx: Server Error

CodeNameDescription
500Internal Server ErrorUnexpected server-side error
501Not ImplementedServer doesn’t support this functionality
502Bad GatewayInvalid response from upstream server
503Service UnavailableServer overloaded or in maintenance
504Gateway TimeoutUpstream server didn’t respond in time

API Design: When to Use Which

Creating Resources (POST)

ScenarioStatus Code
Resource created successfully201 Created (with Location header)
Creation queued/async processing202 Accepted
Validation failed400 Bad Request or 422 Unprocessable Entity
Duplicate resource409 Conflict

Reading Resources (GET)

ScenarioStatus Code
Resource found200 OK
Resource not found404 Not Found
Resource deleted410 Gone (if you want to indicate it existed)
Not modified (with ETag/If-None-Match)304 Not Modified

Updating Resources (PUT/PATCH)

ScenarioStatus Code
Update successful, return resource200 OK
Update successful, no content204 No Content
Resource doesn’t exist404 Not Found
Concurrent modification conflict409 Conflict
Validation failed400 Bad Request or 422 Unprocessable Entity

Deleting Resources (DELETE)

ScenarioStatus Code
Deleted successfully204 No Content
Resource not found404 Not Found
Cannot delete (dependencies)409 Conflict

Authentication/Authorization

ScenarioStatus Code
Not logged in / invalid token401 Unauthorized
Logged in but not permitted403 Forbidden
API key missing401 Unauthorized
Rate limit exceeded429 Too Many Requests

Troubleshooting Guide

400 Bad Request

  • Check JSON syntax (missing quotes, trailing commas)
  • Verify Content-Type header matches body format
  • Check required fields are present
  • Validate data types (string vs number)

401 Unauthorized

  • Token expired? Refresh or re-authenticate
  • Missing Authorization header
  • Wrong auth scheme (Bearer vs Basic)
  • API key in wrong location (header vs query param)

403 Forbidden

  • User lacks required permissions/roles
  • Resource-level access denied
  • IP not whitelisted
  • CORS preflight failed (check origin)

404 Not Found

  • Check URL path spelling
  • Check if ID/slug exists
  • API version in URL correct?
  • Trailing slash issues

500 Internal Server Error

  • Check server logs for stack trace
  • Recent deployment issues
  • Database connection problems
  • Null pointer / unhandled exception

502 Bad Gateway

  • Upstream service down
  • Load balancer can’t reach backend
  • Backend crashed or not responding
  • Check health endpoints

503 Service Unavailable

  • Service overloaded
  • Planned maintenance (check Retry-After header)
  • Circuit breaker tripped
  • Resource exhaustion (memory, connections)

504 Gateway Timeout

  • Upstream service slow
  • Database query timeout
  • Long-running operation (use async)
  • Increase timeout or optimize

Common Headers with Status Codes

HeaderUsed WithPurpose
Location201, 3xxURL of created/redirected resource
Retry-After429, 503When to retry (seconds or date)
WWW-Authenticate401Auth scheme required
ETag200, 304Resource version for caching
X-RateLimit-*429Rate limit details

Full Reference Table

CategoryCodeNameDescription
1xx Informational100ContinueClient should continue with request
1xx Informational101Switching ProtocolsServer switching protocols
1xx Informational102Processing (WebDAV)Server processing, no response yet
2xx Success200OKRequest succeeded
2xx Success201CreatedNew resource created
2xx Success202AcceptedAccepted for async processing
2xx Success204No ContentSuccess with no body
3xx Redirection301Moved PermanentlyNew permanent URI
3xx Redirection302FoundTemporary redirect
3xx Redirection303See OtherRedirect with GET
3xx Redirection304Not ModifiedUse cached version
3xx Redirection307Temporary RedirectTemp redirect, keep method
4xx Client Error400Bad RequestMalformed request
4xx Client Error401UnauthorizedAuth required/failed
4xx Client Error403ForbiddenAccess denied
4xx Client Error404Not FoundResource not found
4xx Client Error405Method Not AllowedMethod not supported
4xx Client Error409ConflictState conflict
4xx Client Error410GonePermanently removed
4xx Client Error422Unprocessable EntityValidation error
4xx Client Error429Too Many RequestsRate limited
5xx Server Error500Internal Server ErrorUnexpected server error
5xx Server Error501Not ImplementedFeature not supported
5xx Server Error502Bad GatewayInvalid upstream response
5xx Server Error503Service UnavailableServer overloaded/maintenance
5xx Server Error504Gateway TimeoutUpstream timeout