A RESTful API should use meaningful status codes that are defined in the HTTP standard to indicate the result of a request. The following are the status codes for different scenarios, which are divided into different types:
- 2xx—Success codes:
- 200 OK: Indicates a successful GET, PUT, or PATCH request. It can also be used for a POST request that is not for creating resources, or a DELETE request when the response needs to contain the representation of a removed resource.
- 201 Created: Indicates a successful POST request or a PUT request that is for creating a new resource. Usually, a location header is also returned with the URI of the new resource.
- 204 No Content: Indicates a successful request that does not contain any response body, such as the DELETE request.
- 3xx—Redirections:
- 304 Not Modified: Indicates that a resource hasn't been modified since last requested. Typically, the client will provide a header such as If-Modified-Since to provide a time against which to compare.
- 4xx—Client error:
- 400 Bad Request: Indicates that the server cannot or will not process the request due to something that is perceived to be a client error. For example, the request is malformed or failed the validation.
- 401 Unauthorized: Indicates a request that doesn't contain authentication credentials or that the authentication failed.
- 403 Forbidden: Indicates a request that tries to access a resource that is not allowed for the authenticated user.
- 404 Not Found: Indicates a request to a nonexistent resource.
- 409 Conflict: Indicates a request that tries to change the state of a resource cannot be processed by the server due to a conflict in the resource's state.
- 410 Gone: Indicates that the requested resource is no longer available.
- 429 Too Many Requests: Indicates that the client has sent too many requests in a given amount of time and that the request has been rejected. The server might include a Retry-After header to the response, indicating how long to wait before making a new request.
- 5xx—Server error:
- 500 Internal Server Error: Indicates that the server encountered an unexpected condition and failed to process the request.