400 Status Code - Bad Request
What is 400 status code?
The HTTP Status Code 400, known as "Bad Request", is a client error response code. It indicates that the server was unable to understand or process the request due to client-side invalid input or malformed request syntax.
In essence, the client has made an error, and the server can't or won't process the request until the issue is resolved.
Understanding 400 status code
Client-side Error: A
400 Bad Requesttypically implies that the error lies with the client. It could be due to malformed request syntax, invalid request message framing, or a deceptive request routing.HTTP/1.1 400 Bad Request
Descriptive Error Messages: Often, a server will provide a more detailed message or explanation with the
400 Bad Requestto help the client understand what went wrong. This can aid in diagnosing and rectifying the issue more efficiently.{"error": "Invalid JSON format"}
Why 400 Status Code?
The 400 Bad Request status code serves as an immediate feedback mechanism for the client. When a request is malformed or contains invalid data, the server uses this status code to alert the client, enabling prompt corrective action.
Characteristics of 400 Bad Request
Broad Spectrum: The
400 Bad Requestcan cover a wide range of errors on the client side, from data validation failures to malformed request structures.Corrective Action Needed: This code indicates that the client should modify the request before trying again. Resending the same request without changes will likely result in the same error.
How does 400 Bad Request Work?
Client Sends a Request:
The client sends a POST request to the server, which may have a syntax error, incorrect data, or other issues.
Server Evaluates & Responds:
The server identifies the issue, in this case, a malformed email address, and sends back a
400 Bad Requeststatus code with an explanatory error message.
Example of 400 Bad Request
Malformed JSON:
Response:
Here, the client sends a JSON payload missing a closing brace. The server identifies the malformed JSON and returns a 400 Bad Request with a descriptive error message.
Real Life Example of 400 Bad Request
Imagine you are using a web application to book a flight. You fill out the form with your travel details and hit the "Submit" button. However, you accidentally enter an invalid date format in the departure field.
The request sent by your browser to the server would look something like this:
Since the server expects a valid date format and finds an invalid one in your request, it would return a 400 Bad Request status code, signaling that there's an issue with your request. The server's response would look something like this:
This response allows you to quickly identify and fix the error in your form input, ensuring the server can properly process your flight booking request.
Final Thoughts
The 400 Bad Request status code is instrumental in providing feedback to clients about errors or issues with their requests. By signalling that there's a problem with the request's syntax, structure, or data, it allows clients to diagnose and rectify their errors. Familiarity with the 400 Bad Request status code and its implications is important for developers, as it's a foundational aspect of effective client-server communication.
Explore more from Akto
Blog
Be updated about everything related to API Security, new API vulnerabilities, industry news and product updates.
Events
Browse and register for upcoming sessions or catch up on what you missed with exclusive recordings
CVE Database
Find out everything about latest API CVE in popular products
Test Library
Discover and find tests from Akto's 100+ API Security test library. Choose your template or add a new template to start your API Security testing.
Documentation
Check out Akto's product documentation for all information related to features and how to use them.