Devkitrdevkitr
API & Web Tools

Understanding HTTP Status Codes — A Developer's Complete Guide

2026-01-0510 min read

HTTP status codes are three-digit numbers returned by web servers to indicate the result of a client's request. Understanding them is essential for building, debugging, and consuming APIs effectively.


Status Code Categories


1xx — Informational

The request was received and the server is continuing to process it.


  • 100 Continue — the server received the request headers; the client should send the body
  • 101 Switching Protocols — the server is switching to the protocol requested by the client (e.g., WebSocket upgrade)

    • 2xx — Success

    The request was successfully received, understood, and accepted.


  • 200 OK — standard success response
  • 201 Created — a new resource was successfully created (typical for POST requests)
  • 204 No Content — success, but no response body (typical for DELETE or PUT)
  • 206 Partial Content — the server returned only part of the resource (range requests)

    • 3xx — Redirection

    The client needs to take additional action to complete the request.


  • 301 Moved Permanently — the resource has a new permanent URL (SEO: passes link juice)
  • 302 Found — temporary redirect (the original URL should still be used)
  • 304 Not Modified — the cached version is still valid (saves bandwidth)
  • 307 Temporary Redirect — like 302, but preserves the HTTP method
  • 308 Permanent Redirect — like 301, but preserves the HTTP method

    • 4xx — Client Errors

    The request contains an error on the client's side.


  • 400 Bad Request — malformed request syntax or invalid data
  • 401 Unauthorized — authentication is required but missing or invalid
  • 403 Forbidden — the server understood the request but refuses to authorize it
  • 404 Not Found — the requested resource doesn't exist
  • 405 Method Not Allowed — the HTTP method isn't supported for this endpoint
  • 409 Conflict — the request conflicts with the current state (e.g., duplicate creation)
  • 422 Unprocessable Entity — the request is well-formed but has semantic errors
  • 429 Too Many Requests — rate limit exceeded

    • 5xx — Server Errors

    The server failed to fulfill a valid request.


  • 500 Internal Server Error — generic server-side error
  • 502 Bad Gateway — the server acting as a gateway received an invalid response
  • 503 Service Unavailable — the server is temporarily overloaded or down for maintenance
  • 504 Gateway Timeout — the upstream server didn't respond in time

    • Best Practices for API Developers


  • Use 201 for successful POST (creation) requests, not 200
  • Return 204 for successful DELETE operations with no response body
  • Use 400 for validation errors; include details in the response body
  • Use 401 for missing/invalid auth, 403 for insufficient permissions
  • Implement 429 with Retry-After header for rate limiting
  • Never return 200 with an error message in the body — use proper status codes

    • Check our HTTP Status Codes Reference for a searchable, categorized list of all status codes.


    Related Articles

    API & Web Tools

    REST API vs GraphQL — Which One Should You Use?

    12 min read

    Back to Blog