HTTP Status Codes — Complete Reference
A complete reference of HTTP status codes grouped by class. Look up individual codes with our HTTP Status Code Lookup tool or test API endpoints with the REST Client.
Status Code Classes
Request received, continuing process.
Request successfully received, understood, and accepted.
Further action needed to complete the request.
The request contains bad syntax or cannot be fulfilled.
The server failed to fulfill a valid request.
Complete Status Code List
All common HTTP status codes with their descriptions and typical use cases.
| Code | Name | Description |
|---|---|---|
| 100 | Continue | The server has received the request headers and the client should proceed to send the body. |
| 101 | Switching Protocols | The server is switching protocols as requested by the client (e.g., upgrading to WebSocket). |
| 102 | Processing | The server has received and is processing the request, but no response is available yet. |
| 103 | Early Hints | Used to preload resources while the server prepares the final response. |
| 200 | OK | The request succeeded. The response body depends on the HTTP method used. |
| 201 | Created | A new resource was created as a result of the request. Typically returned after POST requests. |
| 202 | Accepted | The request has been accepted for processing but is not yet complete. |
| 204 | No Content | The request succeeded but there is no content to return. Commonly used for DELETE operations. |
| 206 | Partial Content | The server is delivering only a portion of the resource (used for range requests and video streaming). |
| 301 | Moved Permanently | The resource has been permanently moved to a new URL. Search engines update their indexes. |
| 302 | Found | The resource is temporarily at a different URL. The HTTP method may change for the redirect. |
| 303 | See Other | The response is available at another URL via GET. Used in POST-Redirect-GET patterns. |
| 304 | Not Modified | The resource has not changed since the last request. Used for caching with conditional headers. |
| 307 | Temporary Redirect | Like 302 but the HTTP method must not change during the redirect. |
| 308 | Permanent Redirect | Like 301 but the HTTP method must not change during the redirect. |
| 400 | Bad Request | The server cannot process the request due to invalid syntax or malformed data. |
| 401 | Unauthorized | Authentication is required. The client must provide valid credentials. |
| 403 | Forbidden | The client is authenticated but does not have permission to access the resource. |
| 404 | Not Found | The requested resource does not exist. The most widely recognized HTTP error code. |
| 405 | Method Not Allowed | The HTTP method is not supported for this endpoint. |
| 408 | Request Timeout | The server timed out waiting for the client to send the complete request. |
| 409 | Conflict | The request conflicts with the current state of the server (e.g., duplicate resource). |
| 410 | Gone | The resource is permanently gone and will not be available again. |
| 415 | Unsupported Media Type | The request's Content-Type is not supported by the server. |
| 422 | Unprocessable Content | The request body is syntactically correct but semantically invalid. |
| 429 | Too Many Requests | The client has exceeded the rate limit. Retry-After header indicates when to retry. |
| 500 | Internal Server Error | A generic error when the server encounters an unexpected condition. |
| 502 | Bad Gateway | The server received an invalid response from an upstream server. |
| 503 | Service Unavailable | The server is temporarily unable to handle the request (maintenance or overload). |
| 504 | Gateway Timeout | The server did not receive a timely response from an upstream server. |
| 505 | HTTP Version Not Supported | The server does not support the HTTP protocol version used in the request. |
Quick Tips
Use the right class
Always return 2xx for success, 4xx for client errors, and 5xx for server errors. Consistent status codes help API consumers and monitoring tools.
Include error details
For 4xx and 5xx responses, include a descriptive JSON body with an error code and message to help clients debug the issue.
Respect 429 rate limits
Always include a Retry-After header with 429 responses so clients know when to retry their requests.
Use 308 for method-preserving redirects
Use 308 instead of 301 when you need to preserve the HTTP method (e.g., POST data should remain POST on the redirected URL).
Frequently Asked Questions
What is the difference between 401 and 403?
401 Unauthorized means you are not authenticated (logged in). 403 Forbidden means you are authenticated but do not have permission to access the resource.
When should I use 201 vs 200?
Use 201 Created when a new resource is created (typically after POST). Use 200 OK for successful GET, PUT, PATCH, and POST operations that don't create a new resource.
What is the difference between 301 and 308?
Both indicate permanent redirects. 301 may change POST to GET (older browsers). 308 preserves the HTTP method. Use 308 when method preservation matters.
Should I return 404 or 403 for hidden resources?
Some APIs return 404 instead of 403 to avoid revealing the existence of resources to unauthorized users. This is a security best practice for sensitive systems.