OhMyApps
Back to Blog
Tools Developer HTTP API Tutorial

HTTP Status Codes: A Complete Reference Guide

5 min read By OhMyApps

HTTP status codes are three-digit numbers returned by servers to indicate the result of a client’s request. Understanding these codes is essential for debugging APIs, configuring web servers, and building robust applications.

Status Code Categories

HTTP status codes are grouped into five classes by their first digit:

1xx — Informational

The server received the request and is continuing to process it.

  • 100 Continue: The server received the request headers. The client should proceed to send the body. Used with large uploads to confirm the server is ready.
  • 101 Switching Protocols: The server is upgrading the connection (e.g., from HTTP to WebSocket).

2xx — Success

The request was received, understood, and accepted.

  • 200 OK: The standard success response. The body contains the requested data.
  • 201 Created: A new resource was created (common for POST requests).
  • 204 No Content: Success, but no body to return (common for DELETE requests).
  • 206 Partial Content: The server is returning a portion of the resource (used for range requests like video streaming).

3xx — Redirection

Further action is needed to complete the request.

  • 301 Moved Permanently: The resource has a new URL. Browsers and search engines update their references.
  • 302 Found: Temporary redirect. Clients should continue using the original URL.
  • 304 Not Modified: The cached version is still valid. Saves bandwidth by not re-sending data.
  • 307 Temporary Redirect: Like 302, but guarantees the HTTP method won’t change.
  • 308 Permanent Redirect: Like 301, but guarantees the HTTP method won’t change.

4xx — Client Error

The request contains an error on the client side.

  • 400 Bad Request: Malformed syntax, invalid parameters, or missing required fields.
  • 401 Unauthorized: Authentication required. The client must provide valid credentials.
  • 403 Forbidden: The server understood the request but refuses to authorize it. Valid credentials won’t help — the user doesn’t have permission.
  • 404 Not Found: The resource doesn’t exist at the requested URL.
  • 405 Method Not Allowed: The HTTP method isn’t supported for this endpoint (e.g., POST to a read-only resource).
  • 409 Conflict: The request conflicts with the current state (e.g., duplicate record, version conflict).
  • 422 Unprocessable Entity: The request is well-formed but contains semantic errors (e.g., validation failures).
  • 429 Too Many Requests: Rate limit exceeded. Check the Retry-After header.

5xx — Server Error

The server failed to fulfill a valid request.

  • 500 Internal Server Error: A generic server error. Check server logs for details.
  • 502 Bad Gateway: The server received an invalid response from an upstream server.
  • 503 Service Unavailable: The server is temporarily down (maintenance, overload).
  • 504 Gateway Timeout: The upstream server didn’t respond in time.

Most Common Status Codes in Practice

In everyday web development, you’ll encounter these codes most frequently:

CodeWhen You See It
200Successful API calls, page loads
201After creating a resource (POST)
301URL has permanently changed
400Sending malformed data to an API
401Expired or missing auth token
403Insufficient permissions
404Wrong URL or deleted resource
422Form validation errors
429Hitting API rate limits
500Unhandled server exception

Status Codes for API Design

When building REST APIs, choosing the right status code communicates intent clearly:

Creating Resources

POST /api/users
→ 201 Created (with Location header pointing to new resource)
→ 400 Bad Request (missing required fields)
→ 409 Conflict (email already exists)

Reading Resources

GET /api/users/123
→ 200 OK (with user data)
→ 404 Not Found (user doesn't exist)

Updating Resources

PUT /api/users/123
→ 200 OK (with updated data)
→ 404 Not Found (user doesn't exist)
→ 422 Unprocessable Entity (invalid data)

Deleting Resources

DELETE /api/users/123
→ 204 No Content (successfully deleted)
→ 404 Not Found (already deleted or never existed)

Debugging with Status Codes

401 vs 403

This is one of the most confused pairs:

  • 401: “I don’t know who you are.” → Send valid credentials.
  • 403: “I know who you are, but you can’t do this.” → Request different permissions.

404 vs 410

  • 404: “I can’t find it.” → It might exist later, might be a typo.
  • 410: “It’s gone forever.” → The resource was intentionally removed.

500 vs 502 vs 503

  • 500: The server itself crashed while processing your request.
  • 502: The server is a proxy and got a bad response from the backend.
  • 503: The server is temporarily unable to handle requests.

How to Use Our HTTP Status Code Reference

  1. Browse the complete list of HTTP status codes
  2. Search by code number (e.g., “404”) or description (e.g., “not found”)
  3. Filter by category using the buttons: 1xx Info, 2xx Success, 3xx Redirect, 4xx Client Error, 5xx Server Error
  4. Click any code to see its full description

Try our free HTTP Status Code Reference to quickly look up any status code.

Try Ghost Image Hub

The Chrome extension that makes managing your Ghost blog images a breeze.

Learn More
Back to all articles