
What are HTTP Status Codes?

HTTP status codes are three-digit numbers returned by a server in response to an HTTP request. They tell the client whether the request succeeded, whether the client needs to take further action, or whether an error occurred. Status codes are grouped into five classes based on their first digit.

HTTP Status Code Categories

  • 1xx (Informational): The request was received and the process is continuing.
  • 2xx (Success): The request was successfully received, understood, and accepted.
  • 3xx (Redirection): Further action needs to be taken by the client to complete the request.
  • 4xx (Client Error): The request contains bad syntax or cannot be fulfilled. The client made an error.
  • 5xx (Server Error): The server failed to fulfill an apparently valid request. The server made an error.

Most Common HTTP Status Codes

  • 200 OK: Standard success response for GET, PUT, PATCH, DELETE requests
  • 201 Created: Resource was successfully created, typically for POST requests
  • 301 Moved Permanently: The URL has permanently changed — used for SEO-friendly redirects
  • 400 Bad Request: The server cannot process the request due to invalid syntax
  • 401 Unauthorized: Authentication is required and has failed or was not provided
  • 403 Forbidden: The client doesn't have permission to access this resource
  • 404 Not Found: The requested resource could not be found on the server
  • 429 Too Many Requests: Rate limit exceeded
  • 500 Internal Server Error: Unexpected server-side error

HTTP Status Codes in API Design: Best Practices

Choosing the right HTTP status code is one of the most important decisions in API design. Consistent, correct status codes make APIs predictable, improve error handling on the client side, and reduce debugging time for developers integrating with your API.

Status Code Selection Guide for API Developers

  • 200 vs 201 vs 204: Return 200 OK for successful reads and updates. Use 201 Created when a new resource is created (with a Location header pointing to it). Use 204 No Content for successful deletes or updates that return no body.
  • 400 vs 422: Use 400 Bad Request for malformed requests (invalid JSON, missing required fields). Use 422 Unprocessable Entity when the request is well-formed but semantically invalid (email format wrong, date in the past).
  • 401 vs 403: 401 Unauthorized means "not authenticated" — the client needs to provide credentials. 403 Forbidden means "authenticated but not authorized" — valid credentials, but the user doesn't have permission for this action.
  • 404 vs 410: Use 404 Not Found when a resource doesn't exist or was never known. Use 410 Gone when a resource existed previously but has been permanently removed — this tells search engines to de-index the URL.
  • 429 Too Many Requests: Essential for rate-limited APIs. Always include a Retry-After header telling the client how long to wait before retrying.
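The selection rules above, applied in order inside one POST handler, as an added example (not code from the original page). The token table, the /users path, the admin role and the function name are assumptions made for illustration; request headers are assumed to arrive as a dict with canonical names.

```python
import json
import re

# Constructed sample state (assumption): token -> (user, role).
TOKENS = {"tok-admin": ("alice", "admin"), "tok-read": ("bob", "reader")}
USERS = {}  # in-memory resource store
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def create_user(headers, body, over_limit=False, retry_after=30):
    """Return (status, response_headers, body) for a POST /users request."""
    if over_limit:
        # 429 always carries Retry-After so the client knows how long to wait.
        return 429, {"Retry-After": str(retry_after)}, {"error": "rate limit exceeded"}

    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or token not in TOKENS:
        # 401: not authenticated. WWW-Authenticate says how to authenticate.
        return 401, {"WWW-Authenticate": 'Bearer realm="api"'}, {"error": "authentication required"}

    _user, role = TOKENS[token]
    if role != "admin":
        # 403: valid credentials, but no permission for this action.
        return 403, {}, {"error": "forbidden"}

    try:
        data = json.loads(body)
    except (ValueError, TypeError):
        # 400: the request body is not parseable JSON.
        return 400, {}, {"error": "malformed JSON"}
    if not isinstance(data, dict) or "email" not in data:
        # The guide above files missing required fields under 400.
        return 400, {}, {"error": "missing required field: email"}

    email = data["email"]
    if not isinstance(email, str) or not EMAIL_RE.match(email):
        # 422: well-formed request, semantically invalid value.
        return 422, {}, {"errors": {"email": "invalid format"}}

    user_id = str(len(USERS) + 1)
    USERS[user_id] = {"email": email}
    # 201 with a Location header pointing at the new resource.
    return 201, {"Location": f"/users/{user_id}"}, {"id": user_id, "email": email}
```
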

Common API Status Code Mistakes

  • Using 200 for everything: Some APIs return 200 OK with an error in the response body. This forces clients to parse the body to detect errors instead of using standard HTTP error handling. Always use appropriate 4xx/5xx codes.
  • Returning 500 for client errors: A 500 Internal Server Error implies a bug in your server. If the client sent bad data, return 4xx. If your server crashed, return 5xx. Incorrect status codes trigger false alerts in monitoring systems.
  • Ignoring 304 Not Modified: For cacheable resources, support conditional requests with ETag or Last-Modified headers and return 304 when the content hasn't changed. This saves bandwidth and improves perceived performance.
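A conditional GET using ETag and If-None-Match, as an added example (not code from the original page). The function names and the choice of a truncated SHA-256 digest as the validator are assumptions; any stable function of the representation bytes would serve.

```python
import hashlib


def make_etag(body: bytes) -> str:
    """Strong ETag: quoted hex digest of the representation bytes."""
    return '"' + hashlib.sha256(body).hexdigest()[:32] + '"'


def _opaque(tag: str) -> str:
    # If-None-Match uses weak comparison, so a W/ prefix is ignored.
    tag = tag.strip()
    return tag[2:] if tag.startswith("W/") else tag


def conditional_get(request_headers: dict, body: bytes):
    """Return (status, headers, body) for a GET on a cacheable resource."""
    etag = make_etag(body)
    headers = {"ETag": etag}
    inm = request_headers.get("If-None-Match")
    if inm is not None:
        # Splitting on commas is safe here because our own ETags are hex only.
        candidates = [_opaque(t) for t in inm.split(",")]
        if inm.strip() == "*" or etag in candidates:
            # Unchanged: 304 repeats the validator and sends no body.
            return 304, headers, b""
    # No validator sent, or the content changed: full 200 response.
    return 200, headers, body
```
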

Frequently Asked Questions about HTTP Status Codes

What is the difference between HTTP 401 and 403?

HTTP 401 Unauthorized means authentication is required but missing or invalid — the user is not logged in or provided an expired token. HTTP 403 Forbidden means the user is authenticated but does not have permission to access the resource. In short: 401 means "who are you?", 403 means "I know who you are, but you cannot access this." Always send a WWW-Authenticate header with 401 to tell the client how to authenticate.

When should I use 201 Created instead of 200 OK?

Return 201 Created when a POST request successfully creates a new resource. Include a Location response header pointing to the URL of the newly created resource. Return 200 OK for successful GET, PUT, or PATCH requests that do not create new resources. For successful DELETE operations with an empty response body, return 204 No Content. Using the correct code helps API clients handle responses correctly.

What is HTTP 422 Unprocessable Entity?

HTTP 422 means the server understands the content type of the request and the syntax is valid, but it cannot process the contained instructions. It is used in REST APIs when request body validation fails — a required field is missing, a value is out of range, or a date format is invalid. It is more specific than 400 Bad Request (which indicates malformed syntax). Return validation errors in the response body to help the client fix the request.

What is the difference between 500 and 503 status codes?

HTTP 500 Internal Server Error is a generic server-side error indicating something unexpected went wrong — a bug, an unhandled exception, or a misconfiguration. HTTP 503 Service Unavailable means the server is intentionally unable to handle the request right now, typically due to maintenance or being overloaded. With 503, include a Retry-After header to tell clients when to try again.
