What Are HTTP Status Codes?
Every time your app (client) communicates with a server, the server responds with an HTTP status code โ a 3-digit number that tells you what happened to your request.
Whether you’re building APIs with Node.js, fetching data in React, or testing APIs in Postman, understanding these codes is essential.
Categories of Status Codes
| Range | Category | Description |
|---|---|---|
| 1xx | Informational | Request received, continuing process |
| 2xx | โ Success | Request received and processed correctly |
| 3xx | ๐ Redirection | Additional action needed to complete request |
| 4xx | โ Client Error | Client made a mistake (e.g., wrong URL or data) |
| 5xx | ๐ฅ Server Error | Server failed to handle the request properly |
Most Used Success Codes (2xx)
| Code | Meaning | Usage Example |
|---|---|---|
| 200 | OK | Default success response for GET, POST, etc. |
| 201 | Created | Used after creating a resource (e.g., registering a user) |
| 204 | No Content | Used when data is updated but no content needs to be returned |
๐ง Use
201instead of200when you create something (e.g., signup API).
Most Used Redirection Codes (3xx)
| Code | Meaning | Use Case |
|---|---|---|
| 301 | Moved Permanently | Old URLs permanently redirect to new ones |
| 302 | Found (Temporary) | Used in login redirections (common in web apps) |
| 307 | Temporary Redirect | Preserves the request method (GET/POST) |
| 308 | Permanent Redirect | Like 301, but also preserves method and body |
๐ 3xx codes are rarely used in API development, but are important in frontend and SEO.
Most Used Client Error Codes (4xx)
| Code | Meaning | When to Use |
|---|---|---|
| 400 | Bad Request | Malformed input (e.g., missing fields in signup) |
| 401 | Unauthorized | User not logged in / token missing or invalid |
| 403 | Forbidden | User logged in but lacks permission |
| 404 | Not Found | Route/resource doesn’t exist |
| 405 | Method Not Allowed | Trying to POST on a GET-only route |
| 429 | Too Many Requests | Too many API calls (rate limiting) |
โ 400โ404 and 401 are the most common when building REST APIs.
Most Used Server Error Codes (5xx)
| Code | Meaning | When to Use |
|---|---|---|
| 500 | Internal Server Error | General server-side failure (e.g., null value, DB crash) |
| 502 | Bad Gateway | Load balancer or proxy gets invalid response |
| 503 | Service Unavailable | Server is down or under maintenance |
| 504 | Gateway Timeout | Server took too long to respond |
๐ฅ Always log 5xx errors on the backend. They indicate your app has an issue, not the user.
Common API Examples
| Scenario | Status Code | Explanation |
|---|---|---|
| User logs in successfully | 200 OK |
Request worked |
| New user is registered | 201 Created |
New record saved |
| Form submitted but no content needed | 204 No Content |
Update success, nothing to return |
| User requests non-existent page | 404 Not Found |
Route not found |
| API request missing token | 401 Unauthorized |
Token missing or expired |
| Authenticated but no permission | 403 Forbidden |
Not allowed to access |
| Server fails to process input | 500 Internal Server Error |
Bug or unexpected error |
Best Practices for API Developers
-
โ Use proper status codes instead of always returning
200. -
โ Send meaningful JSON responses with status codes:
{
“status”: 400,
“message”: “Email is required”
}
-
๐ซ Don’t leak stack traces or database errors to users.
-
๐ For token-based systems, return
401or403as needed. -
๐งช Test responses in Postman, Insomnia, or frontend.
Summary Table (Most Used Only)
| Code | Use Case |
|---|---|
| 200 | Standard success response |
| 201 | Resource created (e.g., user signup) |
| 204 | No content after update |
| 400 | Invalid input or missing data |
| 401 | Authentication needed |
| 403 | Access forbidden |
| 404 | Route or resource not found |
| 429 | Too many requests |
| 500 | Something broke on server |
| 503 | Server temporarily unavailable |