An HTTP status code is a three-digit number a server returns to describe the result of a request. They fall into five classes — 1xx informational, 2xx success, 3xx redirection, 4xx client errors, and 5xx server errors — and are defined in RFC 9110. This reference is written for JSON/REST API developers: the most common codes link to a detailed page with an example JSON error body and how to fix it. Working with a response right now? Format it with the JSON Formatter or check it with the JSON Validator.
HTTP status code reference
| Code | Name | Meaning | Class |
|---|---|---|---|
| 100 | Continue | Request headers received; client should send the body. | 1xx |
| 101 | Switching Protocols | Server is switching protocols as requested (e.g. to WebSocket). | 1xx |
| 103 | Early Hints | Preliminary headers sent so the client can start preloading. | 1xx |
| 200 | OK | Standard success response; body contains the result. | 2xx |
| 201 | Created | Request succeeded and a new resource was created. | 2xx |
| 202 | Accepted | Request accepted for processing but not yet completed. | 2xx |
| 204 | No Content | Success with no response body (common for DELETE/PUT). | 2xx |
| 206 | Partial Content | Server is delivering part of the resource (range request). | 2xx |
| 300 | Multiple Choices | Multiple possible responses; client must choose. | 3xx |
| 301 | Moved Permanently | Resource has a new permanent URL; update references. | 3xx |
| 302 | Found | Resource temporarily at a different URL. | 3xx |
| 303 | See Other | Retrieve the resource with a GET at another URL. | 3xx |
| 304 | Not Modified | Cached version is still valid; no body returned. | 3xx |
| 307 | Temporary Redirect | Temporary redirect that preserves the HTTP method. | 3xx |
| 308 | Permanent Redirect | Permanent redirect that preserves the HTTP method. | 3xx |
| 400 | Bad Request | Malformed request the server can't process (e.g. invalid JSON). | 4xx |
| 401 | Unauthorized | Authentication required or credentials invalid. | 4xx |
| 402 | Payment Required | Reserved; sometimes used for paid API tiers/quotas. | 4xx |
| 403 | Forbidden | Authenticated but not allowed to access the resource. | 4xx |
| 404 | Not Found | The requested resource does not exist. | 4xx |
| 405 | Method Not Allowed | HTTP method not supported for this resource. | 4xx |
| 406 | Not Acceptable | No response matches the client's Accept headers. | 4xx |
| 408 | Request Timeout | Client took too long to send the request. | 4xx |
| 409 | Conflict | Request conflicts with the current state (e.g. duplicate). | 4xx |
| 410 | Gone | Resource was deleted and will not return. | 4xx |
| 415 | Unsupported Media Type | Request body format not supported (e.g. wrong Content-Type). | 4xx |
| 418 | I'm a teapot | An April Fools' joke code (RFC 2324); occasionally used as an Easter egg. | 4xx |
| 422 | Unprocessable Entity | Syntax is valid but the data fails validation. | 4xx |
| 429 | Too Many Requests | Client hit a rate limit; check the Retry-After header. | 4xx |
| 500 | Internal Server Error | Generic server failure; the request was valid. | 5xx |
| 501 | Not Implemented | Server does not support the functionality required. | 5xx |
| 502 | Bad Gateway | Upstream server returned an invalid response. | 5xx |
| 503 | Service Unavailable | Server temporarily overloaded or down for maintenance. | 5xx |
| 504 | Gateway Timeout | Upstream server failed to respond in time. | 5xx |
No status codes match your filter.
The five HTTP status code classes
- 1xx Informational — the request was received and the process is continuing. Rare in everyday API work.
- 2xx Success — the request was received, understood, and accepted.
200,201, and204are the API workhorses. - 3xx Redirection — further action is needed to complete the request, usually following a new URL.
- 4xx Client Error — the request was bad: malformed, unauthorized, forbidden, or pointing at something that doesn't exist. The fix is on the client.
- 5xx Server Error — the request was valid but the server failed to handle it. The fix is on the server.
Frequently Asked Questions
What are HTTP status codes?
HTTP status codes are three-digit numbers a server returns to tell the client the result of a request. They are grouped into five classes: 1xx informational, 2xx success, 3xx redirection, 4xx client errors, and 5xx server errors. Defined in RFC 9110, they let an API signal exactly what happened — for example 200 OK for success, 404 Not Found when a resource is missing, or 500 Internal Server Error when the server fails.
Which HTTP status codes do REST APIs use most?
The most common in JSON/REST APIs are 200 OK, 201 Created, and 204 No Content for success; 400, 401, 403, 404, 422, and 429 for client errors; and 500, 502, and 503 for server errors.
What is the difference between 401 and 403?
401 Unauthorized means the request is not authenticated — no valid credentials were supplied, so the client should log in or send a token. 403 Forbidden means the client is authenticated but does not have permission. In short: 401 is "who are you?", 403 is "I know who you are, but you can't do this."
What does a 429 status code mean?
429 Too Many Requests means the client has sent too many requests in a given time and hit a rate limit. The response often includes a Retry-After header telling the client how long to wait. Clients should back off and retry with exponential backoff rather than hammering the endpoint.
What is the difference between 4xx and 5xx status codes?
4xx codes indicate a client error — the request was malformed, unauthorized, or asked for something that does not exist, so fixing it is the client's responsibility. 5xx codes indicate a server error — the request was valid but the server failed to fulfil it. Retrying a 4xx without changing the request usually fails; a 5xx may succeed on retry.
Last updated: June 2026