Back to Blog
Tools Developer HTTP API Tutorial
HTTP Status Codes: A Complete Reference Guide
5 min read By OhMyApps
HTTP status codes are three-digit numbers returned by servers to indicate the result of a client’s request. Understanding these codes is essential for debugging APIs, configuring web servers, and building robust applications.
Status Code Categories
HTTP status codes are grouped into five classes by their first digit:
1xx — Informational
The server received the request and is continuing to process it.
- 100 Continue: The server received the request headers. The client should proceed to send the body. Used with large uploads to confirm the server is ready.
- 101 Switching Protocols: The server is upgrading the connection (e.g., from HTTP to WebSocket).
2xx — Success
The request was received, understood, and accepted.
- 200 OK: The standard success response. The body contains the requested data.
- 201 Created: A new resource was created (common for POST requests).
- 204 No Content: Success, but no body to return (common for DELETE requests).
- 206 Partial Content: The server is returning a portion of the resource (used for range requests like video streaming).
3xx — Redirection
Further action is needed to complete the request.
- 301 Moved Permanently: The resource has a new URL. Browsers and search engines update their references.
- 302 Found: Temporary redirect. Clients should continue using the original URL.
- 304 Not Modified: The cached version is still valid. Saves bandwidth by not re-sending data.
- 307 Temporary Redirect: Like 302, but guarantees the HTTP method won’t change.
- 308 Permanent Redirect: Like 301, but guarantees the HTTP method won’t change.
4xx — Client Error
The request contains an error on the client side.
- 400 Bad Request: Malformed syntax, invalid parameters, or missing required fields.
- 401 Unauthorized: Authentication required. The client must provide valid credentials.
- 403 Forbidden: The server understood the request but refuses to authorize it. Valid credentials won’t help — the user doesn’t have permission.
- 404 Not Found: The resource doesn’t exist at the requested URL.
- 405 Method Not Allowed: The HTTP method isn’t supported for this endpoint (e.g., POST to a read-only resource).
- 409 Conflict: The request conflicts with the current state (e.g., duplicate record, version conflict).
- 422 Unprocessable Entity: The request is well-formed but contains semantic errors (e.g., validation failures).
- 429 Too Many Requests: Rate limit exceeded. Check the
Retry-Afterheader.
5xx — Server Error
The server failed to fulfill a valid request.
- 500 Internal Server Error: A generic server error. Check server logs for details.
- 502 Bad Gateway: The server received an invalid response from an upstream server.
- 503 Service Unavailable: The server is temporarily down (maintenance, overload).
- 504 Gateway Timeout: The upstream server didn’t respond in time.
Most Common Status Codes in Practice
In everyday web development, you’ll encounter these codes most frequently:
| Code | When You See It |
|---|---|
| 200 | Successful API calls, page loads |
| 201 | After creating a resource (POST) |
| 301 | URL has permanently changed |
| 400 | Sending malformed data to an API |
| 401 | Expired or missing auth token |
| 403 | Insufficient permissions |
| 404 | Wrong URL or deleted resource |
| 422 | Form validation errors |
| 429 | Hitting API rate limits |
| 500 | Unhandled server exception |
Status Codes for API Design
When building REST APIs, choosing the right status code communicates intent clearly:
Creating Resources
POST /api/users
→ 201 Created (with Location header pointing to new resource)
→ 400 Bad Request (missing required fields)
→ 409 Conflict (email already exists)Reading Resources
GET /api/users/123
→ 200 OK (with user data)
→ 404 Not Found (user doesn't exist)Updating Resources
PUT /api/users/123
→ 200 OK (with updated data)
→ 404 Not Found (user doesn't exist)
→ 422 Unprocessable Entity (invalid data)Deleting Resources
DELETE /api/users/123
→ 204 No Content (successfully deleted)
→ 404 Not Found (already deleted or never existed)Debugging with Status Codes
401 vs 403
This is one of the most confused pairs:
- 401: “I don’t know who you are.” → Send valid credentials.
- 403: “I know who you are, but you can’t do this.” → Request different permissions.
404 vs 410
- 404: “I can’t find it.” → It might exist later, might be a typo.
- 410: “It’s gone forever.” → The resource was intentionally removed.
500 vs 502 vs 503
- 500: The server itself crashed while processing your request.
- 502: The server is a proxy and got a bad response from the backend.
- 503: The server is temporarily unable to handle requests.
How to Use Our HTTP Status Code Reference
- Browse the complete list of HTTP status codes
- Search by code number (e.g., “404”) or description (e.g., “not found”)
- Filter by category using the buttons: 1xx Info, 2xx Success, 3xx Redirect, 4xx Client Error, 5xx Server Error
- Click any code to see its full description
Try our free HTTP Status Code Reference to quickly look up any status code.
