Is This the Right HTTP Response Code?

How To Determine The Right HTTP Response Code For Various Situations

418

When in doubt, stick to the basics

…but…

Operation (probably) successful but not finished

401 vs. 403

  • 401 is the authentication error, returned if the client needs to go through some login process and add those credentials to the request.
  • 403 is the authorization error, returned if the client has the login credentials, but does not have the correct role or set of permissions to execute an operation on or view a resource.

When to use 409 (Conflict)

What is 204 (No Content)

Summary

  • use the base x00 statuses when unsure
  • new resource => 201
  • no resource => 404
  • request good, but operation not done => 202
  • missing credentials => 401
  • wrong role / missing permission => 403
  • don’t use 404 instead of 403
  • the target resource was updated (by someone else) while editing => 409
  • there is no use case for 409 other than the one above
  • resource successfully updated, no need for body => 204
  • don’t use 204 if the client state can become inconsistent
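
The rules above applied to a single update request, as an added example that is not code from the original article. The token table, the `editor` role, the version counter sent as an `ETag`, and the order of the checks (authorization before the existence lookup) are assumptions made for illustration.

```python
from http import HTTPStatus

# Constructed sample data: bearer tokens -> roles, and one stored document.
TOKENS = {"tok-editor": {"editor"}, "tok-viewer": {"viewer"}}
DOCS = {"42": {"version": 3, "body": "draft"}}


def update_doc(doc_id, token, base_version, new_body):
    """Return (status, headers) for an update, checking in a fixed order."""
    # 401: no credentials, or credentials that do not identify anyone.
    roles = TOKENS.get(token) if token else None
    if roles is None:
        return HTTPStatus.UNAUTHORIZED, {"WWW-Authenticate": "Bearer"}
    # 403: the identity is known but lacks the role. Not disguised as 404.
    if "editor" not in roles:
        return HTTPStatus.FORBIDDEN, {}
    # 404: looked up only after authorization, so callers without the
    # role get the same 403 whether or not the id exists.
    doc = DOCS.get(doc_id)
    if doc is None:
        return HTTPStatus.NOT_FOUND, {}
    # 409: someone else updated the resource since this client read it.
    if base_version != doc["version"]:
        return HTTPStatus.CONFLICT, {"ETag": f'"{doc["version"]}"'}
    doc["version"] += 1
    doc["body"] = new_body
    # 204: updated, no body. The new version travels in a header so the
    # client can keep its copy consistent (assumed design).
    return HTTPStatus.NO_CONTENT, {"ETag": f'"{doc["version"]}"'}
```

A viewer token gets 403 for both an existing and a non-existing id, so the 403 response does not reveal which ids exist.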

Software Engineer 👨‍💻 | Wannabe Writer ✍️ | History Buff 🏺 | Worldbuilder 🌍

Petar Kovačević
