HTTP Status Code

Luke Stephens

Introduction to HTTP Status Codes

HTTP status codes are three-digit numbers that a server returns in the status line of every HTTP response to tell the client (a web browser, an API consumer, a proxy) how its request was handled. They are defined in the HTTP specification (RFC 9110) and are the primary signal a client, a monitoring system or a security tool uses to decide what happened and what to do next.

The Significance of HTTP Status Codes

These codes are more than technical indicators: they are the quickest read on the health and accessibility of a web resource. They drive client logic, they make debugging and optimisation possible, and in access logs they are usually the earliest visible sign of abuse or failure. Each code states concisely what happened with a request: success, redirection, a client error, a server error, or that further action is required.

Categories of HTTP Status Codes

HTTP status codes are grouped into five classes, each defined by the first digit of the code:

  1. 1xx (Informational): Provisional responses that tell the client the request was received and is being processed; a final response follows. For example, 100 Continue tells a client that sent an Expect: 100-continue header that it may transmit the request body, and 102 Processing (a WebDAV code, since deprecated) told the client that a long-running request was still being worked on.

  2. 2xx (Success): This class indicates that the client's request was accepted and processed successfully. Codes like 200 OK and 201 Created are common examples, signaling successful retrieval of information or creation of a resource.

  3. 3xx (Redirection): The client must take further action, usually by repeating the request at the URL given in the Location header. 301 Moved Permanently and 302 Found are the most common; whether the client keeps the original method and body when it follows the redirect depends on the exact code (see 307 below).

  4. 4xx (Client Error): Errors the server attributes to the client: malformed syntax, missing or insufficient credentials, a resource that does not exist. 400 Bad Request is the generic member of the class, while 404 Not Found is the best known, indicating that the requested resource is not available.

  5. 5xx (Server Error): The server failed to fulfil an apparently valid request. 500 Internal Server Error is the generic message used when no more specific code applies.

Common HTTP Status Codes and Their Meanings

Understanding the most commonly encountered HTTP status codes is crucial for web development and troubleshooting:

100 Continue:

An informational response indicating that the initial part of the request (the headers) has been received and not yet rejected; the server intends to send a final response once the body has been received. It is sent in reply to an Expect: 100-continue header and matters for large uploads: a server that has already decided to reject the request (missing credentials, body too large) can answer with the final 401 or 413 instead of 100, sparing the client from transmitting a body that will be discarded.

Request

POST /upload HTTP/1.1
Host: example.com
Content-Length: 524288
Expect: 100-continue

Response

HTTP/1.1 100 Continue

Status Code 200 OK:

The request has succeeded, and the meaning of success depends on the HTTP method used. This is common in GET requests.

Request

GET /api/products HTTP/1.1
Host: example.com

Response

HTTP/1.1 200 OK
Content-Type: application/json

[{ "id": 1, "name": "Laptop" }, { "id": 2, "name": "Smartphone" }]

Status Code 201 Created:

Indicates that the request has led to the creation of a new resource, often seen in POST requests.

Request

POST /api/users HTTP/1.1
Host: example.com
Content-Type: application/json

{ "username": "newuser", "email": "newuser@example.com" }

Response

HTTP/1.1 201 Created
Location: /api/users/5

Status Code 204 No Content:

A success code meaning the request was processed and there is deliberately no response body, commonly used for DELETE requests.

Request

DELETE /api/users/5 HTTP/1.1
Host: example.com

Response

HTTP/1.1 204 No Content

Status Code 301 Moved Permanently:

Indicates that the resource has permanently moved to the URL in the Location header; clients and caches may remember the new location, which is why it matters when tracking changes in API endpoints. Most clients, browsers included, convert a POST into a GET when following a 301 and drop the body; use 308 Permanent Redirect when the method must be preserved.

Request

GET /old-page HTTP/1.1
Host: example.com

Response

HTTP/1.1 301 Moved Permanently
Location: /new-page

Status Code 302 Found:

The requested resource is temporarily at a different URI; the client should keep using the original URI for future requests. From a security standpoint, redirects deserve scrutiny on both sides. If the Location value is built from user-controlled input (for example a return-to parameter) without validation, the endpoint becomes an open redirect that can send users to an attacker's site from a link that starts at your domain. Clients, for their part, should refuse to follow a redirect from https to http or to a host they do not trust.

Request

GET /temporary-page HTTP/1.1
Host: example.com

Response

HTTP/1.1 302 Found
Location: /other-page

Status Code 307 Temporary Redirect

The HTTP 307 status code signifies that the requested resource is temporarily available at a different URI, and future requests should still use the original URI. Unlike 301 and 302, a client following a 307 must repeat the request with the same method and body, which is why the example shows a POST being redirected rather than a GET.

Request

POST /api/data HTTP/1.1
Host: www.example.com
Content-Type: application/json

{
  "data": "sample"
}

Response

HTTP/1.1 307 Temporary Redirect
Location: https://www.example.com/temp-api/data
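The three redirect codes above differ in what a client should do when following them, and the 302 text raises the open-redirect risk. The following added example is a minimal redirect follower written for this page (it is not code from the original article or from any HTTP library) that applies those rules: 307 and 308 repeat the request unchanged, 303 switches to GET, 301 and 302 switch a POST to GET and drop the body as browsers do, and a Location that points off an allow-list of hosts or from https to http is refused rather than followed. The hostnames, paths and the in-memory response table are constructed for the demo.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple
from urllib.parse import urljoin, urlsplit


@dataclass
class Request:
    method: str
    url: str
    body: Optional[bytes] = None


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""


class RedirectError(Exception):
    """Raised when a redirect is malformed, untrusted, or too deep."""


# Method handling per RFC 9110 section 15.4: 301/302 permit a change to GET
# (browsers do it for POST), 303 requires GET, 307/308 forbid any change.
METHOD_MAY_CHANGE = {301, 302}
METHOD_MUST_CHANGE = {303}
METHOD_PRESERVED = {307, 308}


def next_request(req: Request, resp: Response, allowed_hosts: Set[str]) -> Request:
    """Build the follow-up request for a 3xx response, or refuse it."""
    location = resp.headers.get("Location")
    if location is None:
        raise RedirectError(f"{resp.status} without a Location header")
    target = urljoin(req.url, location)  # Location may be relative
    parts = urlsplit(target)
    # Open-redirect and downgrade guard: follow only to trusted hosts over https.
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise RedirectError(f"refusing redirect to {target}")
    if resp.status in METHOD_PRESERVED:
        return Request(req.method, target, req.body)
    if resp.status in METHOD_MUST_CHANGE or (
        resp.status in METHOD_MAY_CHANGE and req.method not in ("GET", "HEAD")
    ):
        return Request("GET", target, None)  # the body goes with the method
    if resp.status in METHOD_MAY_CHANGE:
        return Request(req.method, target, req.body)
    raise RedirectError(f"{resp.status} is not a followable redirect")


def follow(req: Request, fetch: Callable[[Request], Response],
           allowed_hosts: Set[str], max_hops: int = 5) -> Tuple[Response, List[Request]]:
    """Send req through fetch(), following redirects. Returns the final
    response and the chain of requests that were actually sent."""
    chain = [req]
    resp = fetch(req)
    while 300 <= resp.status < 400:
        if len(chain) > max_hops:
            raise RedirectError("too many redirects")
        req = next_request(req, resp, allowed_hosts)
        chain.append(req)
        resp = fetch(req)
    return resp, chain


# Constructed in-memory "server" for the demo; hostnames are hypothetical.
ROUTES = {
    "https://api.example.com/old": Response(301, {"Location": "/new"}),
    "https://api.example.com/new": Response(200, body=b"moved here"),
    "https://api.example.com/temp": Response(307, {"Location": "https://api.example.com/v2/data"}),
    "https://api.example.com/v2/data": Response(201),
    "https://api.example.com/login": Response(302, {"Location": "https://evil.example.net/phish"}),
    "https://api.example.com/plain": Response(302, {"Location": "http://api.example.com/new"}),
    "https://api.example.com/loop": Response(302, {"Location": "/loop"}),
}


def fake_fetch(req: Request) -> Response:
    return ROUTES.get(req.url, Response(404))


def demo() -> Dict[str, str]:
    """Run the cases discussed in the text and summarise each outcome."""
    hosts = {"api.example.com"}
    out = {}
    r, chain = follow(Request("POST", "https://api.example.com/old", b"x=1"), fake_fetch, hosts)
    out["301 on POST"] = f"{chain[-1].method} {chain[-1].url} body={chain[-1].body} -> {r.status}"
    r, chain = follow(Request("POST", "https://api.example.com/temp", b'{"data":"sample"}'), fake_fetch, hosts)
    out["307 on POST"] = f"{chain[-1].method} {chain[-1].url} body={chain[-1].body} -> {r.status}"
    for name, url in (("302 off-host", "https://api.example.com/login"),
                      ("302 to http", "https://api.example.com/plain"),
                      ("302 loop", "https://api.example.com/loop")):
        try:
            follow(Request("GET", url), fake_fetch, hosts)
            out[name] = "followed (unexpected)"
        except RedirectError as e:
            out[name] = f"refused: {e}"
    return out


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:12} {outcome}")
```

The allow-list is the important part: a client library that follows every Location it is given turns an open redirect on one site into a way to ship that client's request (cookies and Authorization header included, in many libraries) to a host the attacker chooses.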

HTTP Status Code 400 Bad Request:

Signifies a client error such as malformed request syntax, an invalid parameter or a body that fails validation. A short, machine-readable error body helps legitimate clients correct the request.

Request

GET /api/products?id= HTTP/1.1
Host: example.com

Response

HTTP/1.1 400 Bad Request
Content-Type: application/json

{ "error": "Invalid product ID" }

HTTP Status Code 401 Unauthorized:

The request lacks valid authentication credentials. The response must carry a WWW-Authenticate header describing how to authenticate. Despite the name, this code means unauthenticated; an authenticated caller who is not permitted to perform the action gets 403.

Request

GET /api/user/profile HTTP/1.1
Host: example.com

Response

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="User Visible Realm"

Status Code 403 Forbidden:

The server understood the request and knows who the caller is, but refuses to authorize it; a key indicator of access control enforcement. Re-sending the same credentials will not help. In the example the caller presents the Basic credential user:pass (the decoded header value) and is not allowed to delete another account.

Request

DELETE /api/users/3 HTTP/1.1
Host: example.com
Authorization: Basic dXNlcjpwYXNz

Response

HTTP/1.1 403 Forbidden

Status Code 404 Not Found:

The server cannot find the requested resource, often because the client used a wrong path or a stale endpoint. Some APIs deliberately answer 404 rather than 403 for resources the caller is not allowed to see, so that the response does not disclose which resources exist; whichever policy you adopt, apply it consistently, because mixing the two lets an attacker tell the difference.

Request

GET /api/unknown HTTP/1.1
Host: example.com

Response

HTTP/1.1 404 Not Found

405 Method Not Allowed:

The method is known by the server but not supported for the requested resource. The response must include an Allow header listing the methods that are permitted.

Request

PUT /api/read-only HTTP/1.1
Host: example.com

Response

HTTP/1.1 405 Method Not Allowed
Allow: GET, HEAD
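The exchanges from 201 Created through 405 Method Not Allowed each show a single request and response. The following added example, which is not code from the original article, puts the server-side decision logic for those codes in one place: a small in-memory product API whose routes, users and credentials are constructed for the demo and whose 1 MiB body limit is a hypothetical policy. Three ordering points are worth noting. The declared body size is checked before the body is read, which is what lets a server answering an Expect: 100-continue request return 413 instead of 100. Authentication (401, with its mandatory WWW-Authenticate challenge) is checked before authorization (403). And for DELETE the authorization check comes before the existence check, so a non-admin gets 403 for every ID and cannot use the 403/404 difference to learn which records exist.

```python
import base64
import json
from dataclasses import dataclass, field
from typing import Dict, Optional

@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""

@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""

# Constructed demo credentials: username -> (password, role). Real services
# store password hashes, never plaintext.
USERS = {"alice": ("s3cret", "admin"), "bob": ("hunter2", "user")}
MAX_BODY = 1 << 20  # hypothetical 1 MiB request body limit
CHALLENGE = {"WWW-Authenticate": 'Basic realm="api"'}
JSON = {"Content-Type": "application/json"}

def basic(user: str, pw: str) -> str:
    return "Basic " + base64.b64encode(f"{user}:{pw}".encode()).decode()


class ProductApi:
    def __init__(self):
        self.products = {1: "Laptop", 2: "Smartphone"}
        self.next_id = 3

    def authenticate(self, req: Request) -> Optional[str]:
        auth = req.headers.get("Authorization", "")
        if not auth.startswith("Basic "):
            return None
        try:
            user, _, pw = base64.b64decode(auth[6:]).decode().partition(":")
        except ValueError:  # bad base64 or non-UTF-8 bytes
            return None
        rec = USERS.get(user)
        return user if rec and rec[0] == pw else None

    def require_admin(self, req: Request) -> Optional[Response]:
        """401 (with the mandatory challenge) when unauthenticated, 403 when
        authenticated but not an admin, None when the caller may proceed."""
        user = self.authenticate(req)
        if user is None:
            return Response(401, dict(CHALLENGE))
        if USERS[user][1] != "admin":
            return Response(403)
        return None

    def handle(self, req: Request) -> Response:
        # Reject oversized bodies from the declared length, before reading them.
        # With Expect: 100-continue this is where 413 is sent instead of 100.
        declared = req.headers.get("Content-Length", "")
        if declared.isdigit() and int(declared) > MAX_BODY:
            return Response(413)
        if req.path == "/api/products":
            return self.collection(req)
        if req.path.startswith("/api/products/"):
            return self.item(req, req.path.rsplit("/", 1)[1])
        return Response(404)  # unknown route

    def collection(self, req: Request) -> Response:
        if req.method == "GET":
            items = [{"id": i, "name": n} for i, n in sorted(self.products.items())]
            return Response(200, dict(JSON), json.dumps(items).encode())
        if req.method == "POST":
            denied = self.require_admin(req)
            if denied:
                return denied
            try:
                name = json.loads(req.body)["name"]
                if not isinstance(name, str) or not name:
                    raise ValueError("name must be a non-empty string")
            except (ValueError, KeyError, TypeError):
                return Response(400, dict(JSON), b'{"error":"name required"}')
            pid, self.next_id = self.next_id, self.next_id + 1
            self.products[pid] = name
            return Response(201, {"Location": f"/api/products/{pid}"})
        return Response(405, {"Allow": "GET, POST"})  # Allow is mandatory with 405

    def item(self, req: Request, raw_id: str) -> Response:
        if not raw_id.isdigit():
            return Response(400, dict(JSON), b'{"error":"invalid product id"}')
        pid = int(raw_id)
        if req.method == "GET":
            if pid not in self.products:
                return Response(404)
            return Response(200, dict(JSON), json.dumps({"id": pid, "name": self.products[pid]}).encode())
        if req.method == "DELETE":
            denied = self.require_admin(req)  # authn/authz before the existence
            if denied:                        # check, so 403 vs 404 leaks nothing
                return denied
            if pid not in self.products:
                return Response(404)
            del self.products[pid]
            return Response(204)  # success, deliberately no body
        return Response(405, {"Allow": "GET, DELETE"})
```

Basic authentication is used here only because it matches the article's examples; the status-code logic is the same with bearer tokens or sessions. The 400 responses carry a short JSON body so that a legitimate client can fix its request, while the 401, 403 and 404 responses say nothing beyond the code.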

429 Too Many Requests:

The client has sent too many requests in a given window and is being rate limited, a basic defence against API abuse. The optional Retry-After header tells well-behaved clients how long to wait; returning 429 on login and token endpoints is one of the main defences against credential stuffing and brute force.

Request

GET /api/search?q=laptop HTTP/1.1
Host: example.com

Response

HTTP/1.1 429 Too Many Requests
Retry-After: 3600
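To show where the Retry-After value in the 429 exchange above comes from, here is an added example, not code from the original article, of a per-client token bucket that returns both the allow/deny decision and the number of seconds until the next request would succeed. The capacity and refill rate are hypothetical, the client address is constructed, and the clock is injected so the arithmetic can be checked deterministically (pass time.monotonic in real use).

```python
import math
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Bucket:
    tokens: float
    updated: float


class TokenBucketLimiter:
    """Per-client token bucket: `capacity` requests may burst, then `rate`
    requests per second are sustained. `clock` returns seconds (monotonic)."""

    def __init__(self, capacity: int, rate: float,
                 clock: Callable[[], float] = time.monotonic):
        self.capacity = capacity
        self.rate = rate
        self.clock = clock
        self.buckets: Dict[str, Bucket] = {}

    def check(self, client: str, cost: float = 1.0) -> Tuple[bool, int]:
        """Return (allowed, retry_after_seconds); retry_after is 0 when allowed."""
        now = self.clock()
        b = self.buckets.get(client)
        if b is None:
            b = self.buckets[client] = Bucket(float(self.capacity), now)
        # Refill in proportion to elapsed time, never beyond capacity.
        b.tokens = min(float(self.capacity), b.tokens + (now - b.updated) * self.rate)
        b.updated = now
        if b.tokens >= cost:
            b.tokens -= cost
            return True, 0
        # Seconds until the deficit is refilled, rounded up so an obedient
        # client that waits exactly Retry-After is not refused again.
        deficit = cost - b.tokens
        return False, max(1, math.ceil(deficit / self.rate))


def client_key(user: Optional[str], remote_ip: str) -> str:
    """Bucket on the authenticated identity when there is one. IP-only keys
    punish everyone behind a shared NAT and are cheap for an attacker to rotate."""
    return f"user:{user}" if user else f"ip:{remote_ip}"


def rate_limited(limiter: TokenBucketLimiter, client: str) -> Optional[dict]:
    """Return the 429 response to send, or None when the request may proceed."""
    allowed, wait = limiter.check(client)
    if allowed:
        return None
    return {
        "status": 429,
        "headers": {"Retry-After": str(wait), "Content-Type": "application/json"},
        "body": '{"error":"rate limit exceeded"}',
    }


class FakeClock:
    """Deterministic clock for the demo and tests."""
    def __init__(self, now: float = 0.0):
        self.now = now
    def __call__(self) -> float:
        return self.now
    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo() -> List[str]:
    """Five rapid requests from one client against a 3-request burst, 1/s refill,
    then one more request two seconds later."""
    clock = FakeClock(1000.0)
    limiter = TokenBucketLimiter(capacity=3, rate=1.0, clock=clock)
    key = client_key(None, "203.0.113.7")  # constructed client address
    log = []
    for _ in range(5):
        resp = rate_limited(limiter, key)
        log.append("allowed" if resp is None else f"429 Retry-After: {resp['headers']['Retry-After']}")
    clock.advance(2.0)
    log.append("allowed" if rate_limited(limiter, key) is None else "429")
    return log
```

A refused request does not consume a token, so a client that keeps hammering the endpoint is not pushed further into debt; the reported wait is exactly the time until one token has accrued.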

451 Unavailable For Legal Reasons:

Access to the resource is restricted for legal reasons, such as a court order or a sanctions regime; relevant for compliance and legal considerations in API usage.

Request

GET /api/restricted-content HTTP/1.1
Host: example.com

Response

HTTP/1.1 451 Unavailable For Legal Reasons

500 Internal Server Error:

A generic server error, typically the result of an unhandled exception. For a tester it is a useful signal: a 500 that appears only for malformed or unexpected input points at an input-handling bug worth investigating. For the operator, the body should stay generic, because stack traces, query text or file paths in a 500 response hand an attacker implementation details.

Request

POST /api/process HTTP/1.1
Host: example.com
Content-Type: application/json

{ "data": "value" }

Response

HTTP/1.1 500 Internal Server Error

503 Service Unavailable:

The server cannot handle the request right now, usually because it is overloaded or down for maintenance; a sustained run of 503s can also be the symptom of a denial-of-service attack. Retry-After tells clients how long to back off.

Request

GET /api/service HTTP/1.1
Host: example.com

Response

HTTP/1.1 503 Service Unavailable
Retry-After: 120


Best Practices for Using HTTP Status Codes

Proper usage of HTTP status codes is essential in API design and web development:

  • Clear Communication: Use the specific code that describes the outcome. In particular, do not return 200 OK with an error object in the body, and do not collapse every failure into 500 Internal Server Error: clients, monitoring and security controls key off the status line.

  • Error Handling: Implement robust error handling in your application. Use 4xx codes with a short, machine-readable body to tell clients how to fix their requests; for 5xx responses keep the body generic and log the details server-side rather than returning stack traces or internal error messages.

  • Documentation: Clearly document the status codes your API returns, especially for custom APIs where standard HTTP behaviors might be overridden or extended.

Troubleshooting with HTTP Status Codes

A deep understanding of these codes can significantly aid in diagnosing and fixing issues in web applications:

  • Identifying Client Issues: A series of 4xx errors points at problems with the client requests, such as incorrect URLs (404 Not Found), missing credentials (401 Unauthorized), unauthorized access attempts (403 Forbidden) or bad request formats (400 Bad Request). The same codes, seen in volume from one client or across many paths in a short window, are also how scanning, enumeration and credential stuffing show up in access logs.

  • Server-Side Troubleshooting: 5xx errors highlight server-side problems. A 503 Service Unavailable might indicate that the server is overloaded or under maintenance, while a cluster of 500s tied to one endpoint or one kind of input usually means an unhandled exception in that code path.
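As an added example of the pattern-spotting this section describes (not code from the original article), the script below parses access-log lines in the Apache/Nginx combined format and reports the status-code patterns the bullets point at: a run of 404s from one client (endpoint enumeration), a run of 401s against a login endpoint (credential guessing), a run of 403s from one authenticated client (probing other users' resources) and a raised 5xx ratio (server-side failure). The log lines, addresses and thresholds are constructed for the demo and are not tuned recommendations.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Tuple

# Apache/Nginx "combined" access-log format; referer and user agent are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log (addresses from the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /api/products HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /api/admin HTTP/1.1" 404 0
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /api/v1 HTTP/1.1" 404 0
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /api/debug HTTP/1.1" 404 0
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /api/internal HTTP/1.1" 404 0
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /api/backup HTTP/1.1" 404 0
198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "POST /api/login HTTP/1.1" 401 41
198.51.100.23 - - [10/Oct/2023:13:56:01 +0000] "POST /api/login HTTP/1.1" 401 41
198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "POST /api/login HTTP/1.1" 401 41
198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "POST /api/login HTTP/1.1" 401 41
198.51.100.23 - - [10/Oct/2023:13:56:03 +0000] "POST /api/login HTTP/1.1" 200 812
198.51.100.77 - - [10/Oct/2023:13:56:30 +0000] "DELETE /api/users/1 HTTP/1.1" 403 0
198.51.100.77 - - [10/Oct/2023:13:56:31 +0000] "DELETE /api/users/2 HTTP/1.1" 403 0
198.51.100.77 - - [10/Oct/2023:13:56:31 +0000] "DELETE /api/users/3 HTTP/1.1" 403 0
192.0.2.44 - - [10/Oct/2023:13:57:10 +0000] "GET /api/user/profile HTTP/1.1" 200 230
192.0.2.44 - - [10/Oct/2023:13:57:11 +0000] "POST /api/process HTTP/1.1" 500 0
192.0.2.44 - - [10/Oct/2023:13:57:12 +0000] "POST /api/process HTTP/1.1" 500 0
192.0.2.44 - - [10/Oct/2023:13:57:13 +0000] "GET /api/service HTTP/1.1" 503 0
"""


def parse(lines: Iterable[str]) -> List[dict]:
    """Parse combined-format lines; lines that do not match are skipped."""
    records = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            records.append(rec)
    return records


def per_client_status(records: List[dict]) -> Dict[str, Counter]:
    """Count status codes per client address."""
    stats: Dict[str, Counter] = defaultdict(Counter)
    for r in records:
        stats[r["ip"]][r["status"]] += 1
    return stats


def findings(records: List[dict], not_found_limit: int = 5, auth_fail_limit: int = 4,
             forbidden_limit: int = 3, server_error_ratio: float = 0.1) -> List[Tuple[str, str]]:
    """Flag the status-code patterns worth a closer look. The thresholds are
    hypothetical starting points; tune them to the service's own baseline."""
    result = []
    for ip, c in sorted(per_client_status(records).items()):
        if c[404] >= not_found_limit:   # many unknown paths: endpoint enumeration
            result.append(("endpoint_enumeration", ip))
        if c[401] >= auth_fail_limit:   # repeated auth failures: credential guessing
            result.append(("credential_stuffing", ip))
        if c[403] >= forbidden_limit:   # valid login, forbidden objects: BOLA/IDOR probing
            result.append(("authorization_probing", ip))
    total = len(records)
    errors = sum(1 for r in records if 500 <= r["status"] < 600)
    if total and errors / total >= server_error_ratio:
        result.append(("server_error_spike", f"{errors}/{total}"))
    return result


if __name__ == "__main__":
    for kind, subject in findings(parse(SAMPLE_LOG.splitlines())):
        print(f"{kind:24} {subject}")
```

Two details in the sample are what an analyst chases next: the 401 run from 198.51.100.23 ends in a 200 on the same login path, which is what a successful password guess looks like, and the 403s from 198.51.100.77 come from a caller who is already authenticated and is trying other users' IDs. Per-client counting is only a starting point; on a real service the same logic is run over a sliding time window and keyed on the authenticated identity where one exists.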

Conclusion

HTTP status codes are a fundamental part of web communication, providing essential feedback about HTTP requests. A comprehensive understanding and proper use of these codes are vital for developers, enhancing the efficiency and reliability of web applications and APIs.
