Return appropriate HTTP status codes with each response. Successful responses should be coded according to this guide:
- 200: Request succeeded for a GET, POST, DELETE, or PATCH call that completed synchronously, or a PUT call that synchronously updated an existing resource
- 201: Request succeeded for a POST or PUT call that synchronously created a new resource. It is also best practice to provide a 'Location' header pointing to the newly created resource. This is particularly useful in the POST context as the new resource will have a different URL than the original request.
- 202: Request accepted for a POST, PUT, DELETE, or PATCH call that will be processed asynchronously
- 206: Request succeeded on GET, but only a partial response returned: see above on ranges
Pay attention to the use of authentication and authorization error codes:
- 401 Unauthorized: Request failed because user is not authenticated
- 403 Forbidden: Request failed because user does not have authorization to access a specific resource
Return suitable codes to provide additional information when there are errors:
- 422 Unprocessable Entity: Your request was understood, but contained invalid parameters
- 429 Too Many Requests: You have been rate-limited, retry later
- 500 Internal Server Error: Something went wrong on the server, check status site and/or report the issue
Refer to the HTTP response code spec for guidance on status codes for user error and server error cases.
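The codes above applied in a small in-memory handler, as an added example that is not part of the original guide. The `/apps` resource, tokens, rate limit and the order of the checks are assumptions made for illustration; 404 and 405 are standard HTTP codes not listed above.

```python
import itertools

# Constructed sample data for this example (not from the guide).
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}
APPS = {"1": {"owner": "alice", "name": "demo"}}
RATE_LIMIT = 5            # assumed: max calls per user in this toy process
_calls = {}
_ids = itertools.count(2)

def _valid(body):
    name = (body or {}).get("name")
    return isinstance(name, str) and 0 < len(name) <= 30

def handle(method, path, token=None, body=None, run_async=False):
    """Return (status, headers, payload) using the codes listed above."""
    user = TOKENS.get(token)
    if user is None:                       # caller is not authenticated
        return 401, {"WWW-Authenticate": "Bearer"}, {"id": "unauthorized"}
    _calls[user] = _calls.get(user, 0) + 1
    if _calls[user] > RATE_LIMIT:          # rate-limited: say when to retry
        return 429, {"Retry-After": "60"}, {"id": "rate_limit"}
    parts = path.strip("/").split("/")
    if parts[0] != "apps" or len(parts) > 2:
        return 404, {}, {"id": "not_found"}
    if len(parts) == 1:                    # collection: /apps
        if method != "POST":
            return 405, {"Allow": "POST"}, {"id": "method_not_allowed"}
        if not _valid(body):               # understood, but invalid parameters
            return 422, {}, {"id": "invalid_params"}
        if run_async:                      # queued; nothing created yet
            return 202, {}, {"id": "accepted"}
        new_id = str(next(_ids))
        APPS[new_id] = {"owner": user, "name": body["name"]}
        return 201, {"Location": f"/apps/{new_id}"}, APPS[new_id]
    app = APPS.get(parts[1])               # item: /apps/{id}
    if app is None:
        return 404, {}, {"id": "not_found"}
    if app["owner"] != user:               # authenticated, but not authorized
        return 403, {}, {"id": "forbidden"}
    if method == "GET":
        return 200, {}, app
    if method == "PATCH":
        if not _valid(body):
            return 422, {}, {"id": "invalid_params"}
        app["name"] = body["name"]
        return 200, {}, app
    return 405, {"Allow": "GET, PATCH"}, {"id": "method_not_allowed"}
```
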