← Back to Developer Tools
📡

REST API Status Codes — Best Practices & When to Use Each

All 34 status codes · Search · Filter · Snippets · cURL Tester · Favorites

💡

REST API status code best practices — which HTTP code to use for each operation. GET success: 200. POST creates: 201. DELETE: 204. Not authenticated: 401. No permission: 403. Not found: 404. Validation fail: 422. Rate limited: 429. Server error: 500. Use the tag filter "REST" to see only REST-relevant codes with code snippets.

1xx4
2xx5
3xx5
4xx13
5xx7
🌐 Live Status Checker
CORS-safe — works for public APIs and your own endpoints
100
Continue
Server received request headers, client should proceed
Upload
101
Switching Protocols
Server is switching to the protocol specified in Upgrade header
WebSocket
102
Processing
Server has received and is processing the request (WebDAV)
REST
103
Early Hints
Server sends preliminary hints for browser to preload resources
Cache
200
OK
Request succeeded — standard success response
RESTSuccess📦 Cacheable
201
Created
Request succeeded and a new resource was created
RESTSuccess
202
Accepted
Request accepted but processing not yet complete
REST
204
No Content
Request succeeded but no response body
RESTSuccess
206
Partial Content
Server is delivering only part of the resource (range request)
UploadCache📦 Cacheable
301
Moved Permanently
Resource permanently moved to new URL — use Location header
RedirectCache📦 Cacheable
302
Found
Resource temporarily at different URL — method may change
Redirect
304
Not Modified
Resource not changed since last request — use cached version
Cache📦 Cacheable
307
Temporary Redirect
Temporary redirect — HTTP method preserved
Redirect
308
Permanent Redirect
Permanent redirect — HTTP method preserved
RedirectCache📦 Cacheable
400
Bad Request
Server cannot process request due to client error
RESTError
401
Unauthorized
Client must authenticate to get the requested response
AuthError↺ Retryable
403
Forbidden
Client is authenticated but not authorized for this resource
AuthError
404
Not Found
Server cannot find the requested resource
RESTError📦 Cacheable
405
Method Not Allowed
HTTP method not allowed for this resource
RESTError
408
Request Timeout
Server timed out waiting for the request
Error↺ Retryable
409
Conflict
Request conflicts with current state of the server
RESTError↺ Retryable
410
Gone
Resource permanently deleted — unlike 404, this is intentional
RESTErrorCache📦 Cacheable
411
Length Required
Server requires Content-Length header
UploadError
413
Content Too Large
Request body exceeds server size limit
UploadError
415
Unsupported Media Type
Server rejects request due to unsupported Content-Type
RESTError
422
Unprocessable Content
Request is well-formed but has semantic errors (validation failed)
RESTError
429
Too Many Requests
Client has sent too many requests (rate limited)
AuthErrorREST↺ Retryable
500
Internal Server Error
Server encountered unexpected error
Error↺ Retryable
501
Not Implemented
Server does not support the functionality required
Error📦 Cacheable
502
Bad Gateway
Upstream server returned invalid response
Error↺ Retryable
503
Service Unavailable
Server temporarily unavailable — overloaded or down for maintenance
Error↺ Retryable
504
Gateway Timeout
Upstream server did not respond in time
Error↺ Retryable
507
Insufficient Storage
Server unable to store the representation (WebDAV)
UploadError↺ Retryable
511
Network Authentication Required
Client needs to authenticate to gain network access (captive portal)
AuthError↺ Retryable
📡

Click any status code to see full details, code snippets, and usage guide

NavigateEsc CloseCtrl+F Search
Ctrl+F Focus search Navigate codesEsc Close detailCtrl+L Clear filters

Frequently Asked Questions

What HTTP status codes should a REST API use for CRUD operations?

GET (read): 200 OK with resource, 404 if not found. POST (create): 201 Created with Location header and resource body. PUT/PATCH (update): 200 OK with updated resource, or 204 No Content if not returning body, 404 if not found. DELETE: 204 No Content on success, 404 if not found. For async operations, POST returns 202 Accepted with job ID.

Should a REST API return 200 or 204 for a successful DELETE?

Both are acceptable. 204 No Content is semantically correct — the resource is gone, there's nothing to return. 200 OK is acceptable if you want to return a confirmation message or the deleted resource's final state. Some APIs return 200 {"deleted": true} for frontend convenience. Pick one convention and be consistent across your API.

What status code should I return for a duplicate resource (unique constraint)?

409 Conflict is the correct code for duplicate resource violations — for example, trying to register with an email that already exists. Return a clear error body: {"error": "EMAIL_ALREADY_EXISTS", "message": "This email is already registered"}. Do not return 400 for duplicates (400 is for malformed requests, not business logic conflicts).

How should REST APIs handle authentication vs authorization errors?

Missing or invalid auth token (not logged in): 401 Unauthorized with WWW-Authenticate: Bearer header. Valid token but insufficient permissions (logged in, wrong role): 403 Forbidden. Expired token: 401 with error code TOKEN_EXPIRED so clients know to refresh. For sensitive resources, consider 404 instead of 403 to hide resource existence.

What should a REST API return for async operations?

For long-running tasks: POST /jobs → 202 Accepted with body {"jobId": "abc123", "statusUrl": "/jobs/abc123", "estimatedTime": 30}. Client polls GET /jobs/abc123 → returns {"status": "processing"} (200) until complete, then {"status": "done", "result": {...}} (200). This pattern keeps HTTP semantics correct while supporting async workflows.

Should REST APIs use 422 or 400 for validation errors?

422 Unprocessable Content is more semantically correct for business validation failures when the JSON is syntactically valid. Most modern frameworks (Rails, Laravel, FastAPI) use 422 for validation. However, many teams use 400 for all client errors including validation — both are acceptable. Pick one and document it in your API specification. Include field-level errors: {"errors": [{"field": "email", "message": "Invalid format"}]}.

You might also like

Related Tools

All Developer Tools →
🔐
Popular
JWT Decoder
Decode JWT tokens — header, payload, claims, expiry countdown & security warnings.
JWTToken
Try →
🔗
Popular
URL Parser
Parse any URL into protocol, host, path, query params, and fragment — live breakdown, encoder/decoder, cURL generator and diff.
URLParse
Try →
</>
Popular
HTML Formatter
Beautify, validate & preview HTML. Accessibility audit, SEO check, HTML→JSX/React/Vue.
HTMLFormatter
Try →
New
Lorem Ipsum Generator
Generate placeholder text. Paragraphs, sentences, words or bytes. HTML, Markdown, JSON output.
loremipsum
Try →
📷
Popular
QR Code Generator
Generate QR codes for URL, WiFi, UPI Payment, vCard, Email, SMS, WhatsApp, GPS. Logo embed, SVG export, batch generate, decode.
QR CodeQR Generator
Try →
Explore Other Tools
💱
🔄 Converter
Currency Converter
Live currency exchange rates with 7-day trend chart, bulk conversion & JSON export.
CurrencyForex
Try →
📐
🌾 Farming
Land Area Converter
Bigha, Acre, Hectare, Gunta — Gujarat & Rajasthan Bigha support.
BighaAcre
Try →
📈
💰 Finance
SIP Calculator
SIP returns with year-wise growth chart projection.
SIPMutual Fund
Try →