Why use status codes correctly?
Because the status code is the contract between your API and clients. Clients should be able to branch on the code alone. Returning 200 with an error body breaks expectations and forces clients to parse the body to know if the call succeeded.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in API Status Codes: When to Use Which
200 OK for GET and PATCH (generic success). 201 Created for POST (a new resource was created). 204 No Content for DELETE (success with no body). Use the right code so clients can branch on it.
401 Unauthorized means not authenticated (who are you? - no valid token). 403 Forbidden means authenticated but not allowed (you cannot do that - wrong role). Check auth first, then authorization.
400 Bad Request for malformed input (bad JSON, missing required field). 422 Unprocessable Entity for semantic errors (valid format but invalid value, like a bad email). Many APIs use 400 for both; that is fine.
Still have questions?
Browse all our FAQs or reach out to our support team
