HTTP status codes are the language servers use to respond to requests. Understanding what each code means is essential for any developer, DevOps engineer, or designer who works with APIs or web applications.
How Codes Are Organized
All HTTP codes have 3 digits. The first digit defines the category:
| Range | Category | Meaning | |---|---|---| | 1xx | Informational | The request was received and is being processed | | 2xx | Success | The request was received, understood, and accepted | | 3xx | Redirection | Further action is needed to complete the request | | 4xx | Client error | The request contains bad syntax or cannot be fulfilled | | 5xx | Server error | The server failed to fulfill an apparently valid request |
1xx Codes: Informational
100 Continue
The server received the request headers and the client may proceed to send the body.
101 Switching Protocols
The server agrees to switch protocols as requested by the client (e.g., HTTP to WebSocket).
102 Processing
The server is processing the request but has no response available yet (WebDAV).
103 Early Hints
Allows the client to start preloading resources while the server prepares the full response.
2xx Codes: Success
200 OK
The request was successful. The meaning depends on the HTTP method used.
201 Created
The request was successful and a new resource was created. Used in response to POST and PUT requests.
202 Accepted
The request was accepted but has not yet been processed. Common in asynchronous workflows.
204 No Content
The request was successful but there is no content to return. Common with DELETE and PUT.
206 Partial Content
The server is delivering only part of the resource (used in range downloads or video streaming).
3xx Codes: Redirection
301 Moved Permanently
The resource has permanently moved to a new URL. Search engines transfer link equity to the new address.
302 Found
Temporary redirect. The client should use the original URL in future requests.
304 Not Modified
Indicates the resource has not changed since the last request. The client can use its cached version.
307 Temporary Redirect
Same as 302, but guarantees the original HTTP method will not be changed.
308 Permanent Redirect
Same as 301, but guarantees the original HTTP method will not be changed.
4xx Codes: Client Error
400 Bad Request
The request is malformed, invalid, or cannot be processed. Check the format of the data you sent.
401 Unauthorized
Authentication is required. In practice it means "not authenticated": the client did not provide valid credentials.
403 Forbidden
The server understood the request but refuses to fulfill it. The client is authenticated but lacks permission.
404 Not Found
The requested resource was not found. This can be temporary or permanent.
405 Method Not Allowed
The HTTP method used (e.g., DELETE) is not supported for that endpoint.
408 Request Timeout
The server closed the connection due to client inactivity.
409 Conflict
The request conflicts with the current state of the resource (e.g., trying to create a duplicate).
410 Gone
The resource existed but was permanently removed. Unlike 404, this signals intentional removal.
413 Content Too Large
The request body exceeds the server's configured limit.
422 Unprocessable Content
The request is well-formed but contains semantic errors (widely used in REST APIs for data validation).
429 Too Many Requests
The client sent too many requests in a short time (rate limiting).
5xx Codes: Server Error
500 Internal Server Error
Generic server error. Something went wrong that doesn't fit any other 5xx code.
501 Not Implemented
The server does not support the functionality needed to fulfill the request.
502 Bad Gateway
The server, acting as a gateway, received an invalid response from the upstream.
503 Service Unavailable
The server is temporarily unavailable due to overload or maintenance.
504 Gateway Timeout
The server, acting as a gateway, did not receive a timely response from the upstream.
507 Insufficient Storage
The server does not have enough storage to complete the request (WebDAV).
Practical Tips
Use 201 instead of 200 when creating resources: returning 201 Created with a Location header pointing to the new resource is the semantically correct way to respond to a successful POST.
401 vs 403: 401 means "you need to authenticate," 403 means "you are authenticated but do not have permission." Mixing them up is a classic mistake.
Always return 422 for validation errors: many APIs still use 400 for everything, but 422 is semantically more accurate when the problem is in the submitted data, not the request format itself.
Cache and 304: implementing ETag and If-None-Match support lets clients use cached responses correctly, reducing bandwidth and latency.
Frequently Asked Questions
What is the difference between 404 and 410? 404 means "not found right now" — it can be temporary. 410 means "intentionally removed and not coming back." Search engines treat them differently: a 410 is removed from the index faster.
Why does my API return 200 even when there's an error? This pattern is called "200 OK with error body" and is common in older APIs. It's considered bad practice because it breaks the HTTP contract and makes monitoring tools unreliable.
Does status code 418 actually exist?
Yes, 418 I'm a teapot is real. It was defined in RFC 2324 as an April Fools' joke in 1998. Some servers implement it as an easter egg.
Working with APIs? The JSON Formatter on UtilWave helps you visualize and validate request and response bodies with one click.