Reference

HTTP Status Codes Reference

Complete guide to HTTP status codes from 1xx to 5xx with examples, use cases, and best practices.

Overview

1xx - Informational

Request received, continuing process.

• 100 Continue
• 101 Switching Protocols
• 102 Processing
2xx - Success

Request successfully received, understood, and accepted.

• 200 OK
• 201 Created
• 204 No Content
3xx - Redirection

Further action must be taken to complete the request.

• 301 Moved Permanently
• 302 Found
• 304 Not Modified
4xx - Client Error

Request contains bad syntax or cannot be fulfilled.

• 400 Bad Request
• 401 Unauthorized
• 404 Not Found
5xx - Server Error

Server failed to fulfill an apparently valid request.

• 500 Internal Server Error
• 502 Bad Gateway
• 503 Service Unavailable

1xx - Informational Responses

100Continue

The server has received the request headers and the client should proceed to send the request body.

Use Case

When uploading large files, client can check if server will accept the request before sending the body.

http
101Switching Protocols

Server is switching protocols as requested by the client (e.g., upgrading to WebSocket).

Use Case

WebSocket handshake, HTTP/2 upgrade.

http

2xx - Success

200OK

Standard response for successful HTTP requests. The actual response depends on the request method.

Use Cases

  • GET: Resource retrieved and returned in response body
  • PUT/PATCH: Resource updated successfully
  • POST: Action completed (when not creating a resource)
json
201Created

Request succeeded and a new resource was created. Should include Location header with URL of new resource.

Use Case

POST requests that create new resources.

json
202Accepted

Request accepted for processing, but processing has not completed. Used for asynchronous operations.

Use Cases

  • • Background job processing
  • • Batch operations
  • • Long-running tasks
javascript
204No Content

Request succeeded but there is no content to return. No response body should be sent.

Use Cases

  • • DELETE requests (resource successfully deleted)
  • • PUT/PATCH when no response data needed
  • • Actions that don't need to return data
http
206Partial Content

Server is delivering only part of the resource due to a range request from the client.

Use Cases

  • • Video streaming (resumable downloads)
  • • Large file downloads
  • • Bandwidth optimization
json

3xx - Redirection

301Moved Permanently

Resource has been permanently moved to a new URL. All future requests should use the new URL.

Use Cases

  • • URL restructuring
  • • Domain changes
  • • SEO-friendly redirects
http
302Found

Resource temporarily located at a different URL. Future requests should still use the original URL.

Use Cases

  • • Temporary redirects
  • • A/B testing
  • • Maintenance mode redirects
http
304Not Modified

Resource has not been modified since last requested. Client can use cached version.

Use Cases

  • • Conditional GET requests
  • • Browser caching
  • • Bandwidth optimization
http
307Temporary Redirect

Temporary redirect, but request method must not change (unlike 302 which allows method change).

Use Case

When you need to preserve the HTTP method during redirect (e.g., POST should remain POST).

http
308Permanent Redirect

Permanent redirect where request method and body must not change (unlike 301).

Use Case

Permanent URL changes where HTTP method preservation is required.

http

4xx - Client Errors

400Bad Request

Server cannot process the request due to malformed syntax, invalid data, or other client error.

Use Cases

  • • Invalid JSON syntax
  • • Missing required parameters
  • • Malformed request data
json
401Unauthorized

Authentication is required and has failed or not been provided. Should include WWW-Authenticate header.

Use Cases

  • • Missing authentication token
  • • Invalid or expired token
  • • Invalid credentials
json
403Forbidden

Server understood request but refuses to authorize it. Different from 401 - authentication won't help.

Use Cases

  • • Insufficient permissions
  • • Access to forbidden resource
  • • IP blocking
json
404Not Found

Requested resource could not be found. Most commonly used error code.

Use Cases

  • • Resource doesn't exist
  • • Invalid endpoint
  • • Deleted resource
json
405Method Not Allowed

HTTP method is not supported for the requested resource. Should include Allow header.

Use Case

Client uses wrong HTTP method (e.g., POST when only GET is allowed).

json
409Conflict

Request conflicts with current state of the server. Often used for duplicate resources or version conflicts.

Use Cases

  • • Duplicate email/username
  • • Version conflicts
  • • Business rule violations
json
422Unprocessable Entity

Request was well-formed but contains semantic errors. Used for validation failures.

Use Cases

  • • Validation errors
  • • Invalid field values
  • • Business logic failures
json
429Too Many Requests

User has sent too many requests in a given time period. Should include Retry-After header.

Use Cases

  • • Rate limiting enforcement
  • • DDoS protection
  • • API quota exceeded
json

5xx - Server Errors

500Internal Server Error

Generic error when server encounters an unexpected condition. Never expose internal error details to clients.

Use Cases

  • • Unhandled exceptions
  • • Database errors
  • • Any unexpected server error
json
502Bad Gateway

Server acting as gateway received invalid response from upstream server.

Use Cases

  • • Upstream service down
  • • Invalid response from proxy
  • • Load balancer issues
json
503Service Unavailable

Server is temporarily unavailable (maintenance, overloaded). Should include Retry-After header.

Use Cases

  • • Scheduled maintenance
  • • Server overload
  • • Temporary shutdown
json
504Gateway Timeout

Server acting as gateway did not receive timely response from upstream server.

Use Cases

  • • Upstream timeout
  • • Slow database queries
  • • Network issues
json

Quick Reference Table

CodeNameWhen to Use
200OKSuccessful GET, PUT, PATCH
201CreatedResource created (POST)
202AcceptedAsync processing started
204No ContentSuccessful DELETE, no response needed
301Moved PermanentlyPermanent URL change
302FoundTemporary redirect
304Not ModifiedUse cached version
400Bad RequestInvalid request syntax
401UnauthorizedAuthentication required/failed
403ForbiddenInsufficient permissions
404Not FoundResource doesn't exist
405Method Not AllowedWrong HTTP method
409ConflictDuplicate resource, version conflict
422Unprocessable EntityValidation errors
429Too Many RequestsRate limit exceeded
500Internal Server ErrorUnexpected server error
502Bad GatewayInvalid upstream response
503Service UnavailableMaintenance, overload
504Gateway TimeoutUpstream timeout
Status Code Best Practices
Use correct status codes: Don't return 200 for errors or 500 for validation failures
201 for creation: Always use 201 (not 200) when creating new resources
204 for no content: Use 204 for successful DELETE or when no response data needed
401 vs 403: 401 for auth required, 403 for insufficient permissions
422 for validation: Use 422 (not 400) for semantic validation errors
Include helpful headers: WWW-Authenticate for 401, Retry-After for 429/503
Never expose internals: Don't leak stack traces or database errors in 500 responses
Consistent error format: Use same JSON structure for all error responses
Location header: Include Location header with 201 pointing to new resource
Cache validation: Use 304 with ETag/Last-Modified for efficient caching
Previous: WebhooksNext: Search & Filter