Skip to content

RESTful API Status Codes

RESTful API Status Codes are HTTP status codes utilized to indicate the success or failure of a client's request. In a RESTful architecture, the server communicates the outcome of an operation using specific numeric codes, ensuring the client understands the result without needing to parse the response body deeply^[600-developer-principle-restful-rule.md].

2xx Success Codes

This class of status codes indicates that the server successfully received, understood, and accepted the request^[600-developer-principle-restful-rule.md].

  • 200 OK
    • Method: [GET]
    • Description: Indicates that the server successfully returned the data requested by the user^[600-developer-principle-restful-rule.md]. This operation is considered idempotent^[600-developer-principle-restful-rule.md].
  • 201 CREATED
    • Method: [POST/PUT/PATCH]
    • Description: Signifies that the user successfully created or modified data^[600-developer-principle-restful-rule.md].
  • 202 Accepted
    • Method: [*]
    • Description: Indicates that a request has been accepted and is queued for background processing (asynchronous task)^[600-developer-principle-restful-rule.md].
  • 204 NO CONTENT
    • Method: [DELETE]
    • Description: Returned when a user successfully deletes data^[600-developer-principle-restful-rule.md].

4xx Client Error Codes

These status codes indicate that the client appears to have made an error, such as a malformed request syntax or lacking authentication^[600-developer-principle-restful-rule.md].

  • 400 INVALID REQUEST
    • Method: [POST/PUT/PATCH]
    • Description: The request issued by the user contained an error, and the server performed no creation or modification operations^[600-developer-principle-restful-rule.md]. This operation is idempotent^[600-developer-principle-restful-rule.md].
  • 401 Unauthorized
    • Method: [*]
    • Description: Indicates that the user lacks permission (e.g., token, username, or password error)^[600-developer-principle-restful-rule.md].
  • 403 Forbidden
    • Method: [*]
    • Description: Indicates that the user is authorized (distinct from 401) but access is prohibited^[600-developer-principle-restful-rule.md].
  • 404 NOT FOUND
    • Method: [*]
    • Description: The request targeted a non-existent record, and the server performed no operation^[600-developer-principle-restful-rule.md]. This is idempotent^[600-developer-principle-restful-rule.md].
  • 406 Not Acceptable
    • Method: [GET]
    • Description: The format requested by the user is not available (e.g., the user requested JSON but only XML is available)^[600-developer-principle-restful-rule.md].
  • 410 Gone
    • Method: [GET]
    • Description: The requested resource has been permanently removed and will not be available again^[600-developer-principle-restful-rule.md].
  • 422 Unprocesable Entity
    • Method: [POST/PUT/PATCH]
    • Description: A validation error occurred when creating an object^[600-developer-principle-restful-rule.md].
  • 429 Too Many Requests
    • Method: [*]
    • Description: The request is rejected due to load limits^[600-developer-principle-restful-rule.md].

5xx Server Error Codes

These codes indicate that the server failed to fulfill a valid request^[600-developer-principle-restful-rule.md].

  • 500 INTERNAL SERVER ERROR
    • Method: [*]
    • Description: An error occurred on the server, preventing the user from determining if the request was successful^[600-developer-principle-restful-rule.md].
  • [[RESTful API Design]]
  • [[HTTP Verbs]]
  • [[Idempotency]]

Sources

^[600-developer-principle-restful-rule.md]