HTTP status codes tell you what happened with every API request. Use our HTTP Status Codes Reference for searchable quick lookup. Part of our Complete Developer Tools Guide.
HTTP Status Code Categories
- 1xx β Informational (request received, continuing)
- 2xx β Success (request completed)
- 3xx β Redirect (further action needed)
- 4xx β Client error (your request is wrong)
- 5xx β Server error (server failed)
Important 2xx Codes
200 OK β standard success. 201 Created β new resource created via POST. 204 No Content β success with no body (common for DELETE).
Redirect Codes
301 permanent (SEO transfers). 302 temporary.307/308 preserve HTTP method (POST stays POST).
Big 4xx Codes
400 (bad format), 401 (not authenticated), 403 (not authorized), 404 (not found), 422 (validation failed), 429 (rate limited).
401 vs 403
401 = no valid credentials. 403 = valid credentials but insufficient permissions. The most confused pair in web development.
5xx Server Errors
500 internal server bug. 502 bad gateway (proxy can't reach backend). 503 service unavailable (overload/maintenance). 504 gateway timeout.
Rate Limiting and 429
Implement exponential backoff. Check Retry-After header. Related: JSON Formatter, DNS Lookup.
Frequently Asked Questions
What is the difference between HTTP 401 and 403?
401 Unauthorized means the request lacks valid authentication credentials β the user is not logged in or the token is missing/expired. 403 Forbidden means the request is authenticated (we know who you are) but you don't have permission to access this resource. If you receive a 401, check your authentication token. If you receive a 403, check user roles and permissions.
What is the difference between 301 and 302 redirects?
A 301 (Moved Permanently) tells browsers and search engines that the resource has permanently moved to a new URL β the redirect is cached and SEO authority transfers. A 302 (Found/Temporary Redirect) signals a temporary move β browsers don't cache it and SEO authority stays with the original URL. Use 301 for permanent URL changes, 302 for temporary redirects.
What does HTTP 429 Too Many Requests mean?
429 means you've sent too many requests in a given time period and the server is rate-limiting you. The response should include a Retry-After header indicating when you can retry. Implement exponential backoff in your code: wait 1 second, then 2, then 4, then 8, before retrying.
When should an API return 422 vs 400?
400 Bad Request is for malformed requests β syntax errors, invalid JSON format, missing required headers. 422 Unprocessable Entity is for requests that are syntactically correct but semantically invalid β for example, a well-formed JSON body where a field value fails business validation (e.g., age is -5). REST APIs increasingly use 422 for validation errors and 400 for format errors.