What Is This?
The HTTP 405 Method Not Allowed status code indicates that the HTTP method used in the request (GET, POST, PUT, DELETE, etc.) is not supported for the requested resource. The response must include an Allow header listing the supported methods. This is a common issue when a client sends POST to a GET-only endpoint or vice versa.
Common Causes & Solutions
Common Cause
POST request sent to a GET-only endpoint
Common Cause
DELETE request sent to a read-only API resource
Common Cause
PUT request sent to a resource that only supports PATCH
Common Cause
Incorrect HTTP method used in REST client configuration
Include the Allow header
Always include the Allow header in 405 responses to tell the client which methods are supported.
HTTP/1.1 405 Method Not Allowed
Allow: GET, HEAD
Content-Type: application/json
{
"error": "Method Not Allowed",
"message": "POST is not supported on this endpoint. Use GET instead."
}Implement proper method routing
Define allowed methods explicitly in your route handlers and return 405 for unsupported methods.
// Express.js
app.route('/api/resource')
.get((req, res) => { /* handle GET */ })
.post((req, res) => { /* handle POST */ })
.all((req, res) => {
res.set('Allow', 'GET, POST')
res.status(405).json({ error: 'Method not allowed' })
})Related Entries
More from this reference:
400 400 Bad Request
The server cannot process the request due to client-side input errors.
401 401 Unauthorized
Authentication is required but was missing or invalid.
403 403 Forbidden
The client is authenticated but does not have permission to access the resource.
404 404 Not Found
The requested resource could not be found on the server.
408 408 Request Timeout
The server timed out waiting for the client to send the complete request.
413 413 Payload Too Large
The request body exceeds the server's maximum allowed size.
422 422 Unprocessable Entity
The request has valid syntax but contains semantic validation errors.
429 429 Too Many Requests
The client has exceeded the rate limit and should slow down.
Frequently Asked Questions
What methods should I list in the Allow header?
List all methods that the resource supports, including ones that work. For a read-only endpoint, the Allow header would include GET and HEAD. For a full CRUD resource, it would include GET, POST, PUT, PATCH, DELETE, and HEAD.
Is 405 the same as 'route not found'?
No. If the route itself does not exist, return 404. If the route exists but the method is wrong, return 405. For example, /api/users exists (supports GET) but sending POST would return 405.