400 Status Code - Bad Request

In this section you will learn about the 400 status code: what it is, its components, and examples.


Luke Stephens


What is HTTP Status Code 400 - Bad Request?

The HTTP Status Code 400, known as "Bad Request", is a client error response code. It indicates that the server was unable to understand or process the request due to client-side invalid input or malformed request syntax. In essence, the client has made an error, and the server can't or won't process the request until the issue is resolved.

Understanding of 400 Bad Request

  • Client-side Error: A 400 Bad Request typically implies that the error lies with the client. It could be due to malformed request syntax, invalid request message framing, or deceptive request routing.

HTTP/1.1 400 Bad Request

  • Descriptive Error Messages: Often, a server will provide a more detailed message or explanation with the 400 Bad Request to help the client understand what went wrong. This can aid in diagnosing and rectifying the issue more efficiently.

{"error": "Invalid JSON format"}

Why 400 Bad Request?

The 400 Bad Request status code serves as an immediate feedback mechanism for the client. When a request is malformed or contains invalid data, the server uses this status code to alert the client, enabling prompt corrective action.

Characteristics of 400 Bad Request

  • Broad Spectrum: The 400 Bad Request can cover a wide range of errors on the client side, from data validation failures to malformed request structures.

  • Corrective Action Needed: This code indicates that the client should modify the request before trying again. Resending the same request without changes will likely result in the same error.

How does 400 Bad Request Work?

  1. Client Sends a Request:

    The client sends a POST request to the server, which may have a syntax error, incorrect data, or other issues.

POST /create-account HTTP/1.1
Host: www.example.com
Content-Type: application/json

{
  "username": "JohnDoe",
  "email": "john.doe@.com"
}

  2. Server Evaluates & Responds:

    The server identifies the issue, in this case, a malformed email address, and sends back a 400 Bad Request status code with an explanatory error message.

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "error": "Invalid email format"
}

Example of 400 Bad Request

Malformed JSON:

POST /update-profile HTTP/1.1
Host: www.example.com
Content-Type: application/json

{
  "name": "Jane"

Response:

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "error": "Malformed JSON input"
}

Here, the client sends a JSON payload missing a closing brace. The server identifies the malformed JSON and returns a 400 Bad Request with a descriptive error message.
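The server-side check behind both exchanges above (the malformed email and the missing brace), as an added example that is not Akto's code. The handler name, the email pattern, the 201 success status and the error strings other than the two shown on this page are assumptions.

```python
import json
import re

# Assumed rule for this sketch: a simple shape check, not full RFC 5322 parsing.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def respond(status, payload):
    """Build a (status, headers, body) tuple with a JSON body."""
    return status, {"Content-Type": "application/json"}, json.dumps(payload)


def handle_create_account(body: bytes):
    """Validate a POST /create-account body; 201 on success is an assumption."""
    try:
        data = json.loads(body.decode("utf-8"))
    except (ValueError, RecursionError):
        # Covers bad UTF-8, broken JSON and pathological nesting. The client
        # gets a fixed message; parser offsets and exception text stay in logs.
        return respond(400, {"error": "Malformed JSON input"})
    if not isinstance(data, dict):
        return respond(400, {"error": "Request body must be a JSON object"})
    username, email = data.get("username"), data.get("email")
    if not isinstance(username, str) or not username:
        return respond(400, {"error": "Missing or invalid username"})
    if not isinstance(email, str) or not EMAIL_RE.fullmatch(email):
        return respond(400, {"error": "Invalid email format"})
    return respond(201, {"username": username})


# Constructed sample bodies mirroring the requests shown on this page.
SAMPLES = {
    "bad email": b'{"username": "JohnDoe", "email": "john.doe@.com"}',
    "missing brace": b'{\n  "name": "Jane"\n',
    "valid": b'{"username": "JohnDoe", "email": "john.doe@example.com"}',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        status, _headers, out = handle_create_account(raw)
        print(f"{label}: {status} {out}")
```

Every rejection path returns a fixed string, so the response tells the client what to correct without echoing the submitted value or the parser's exception text.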

Conclusion

The 400 Bad Request status code is instrumental in providing feedback to clients about errors or issues with their requests. By signalling that there's a problem with the request's syntax, structure, or data, it allows clients to diagnose and rectify their errors. Familiarity with the 400 Bad Request status code and its implications is crucial for developers, as it's a foundational aspect of effective client-server communication.
