HTTP Status Code Reference
Interactive HTTP status code reference. Search by code or description, filter by category (1xx–5xx), get meaning, common causes, and ready-to-use assertion snippets for Playwright, RestAssured, and pytest.
Server received headers, client should send body.
- •Large file uploads
- •Expect: 100-continue header
Rarely asserted directly. Check if client proceeds with body.Server switching to protocol requested via Upgrade header.
- •WebSocket upgrade
Assert 101 when testing WebSocket connections.Server received and is processing, but no response yet.
- •Long-running WebDAV operations
Used in WebDAV. Rarely tested in REST APIs.Request succeeded. Standard response for successful requests.
- •GET/PUT/PATCH successful
expect(response.status).toBe(200)Request succeeded and a new resource was created.
- •POST creating a resource
Assert 201 on POST. Check Location header for new resource URL.Request accepted for processing, but not completed yet.
- •Async job queued
- •Webhook accepted
Assert 202 for async operations. Poll for completion.Request succeeded, but no response body.
- •DELETE successful
- •PUT with no return body
Assert 204 on DELETE. Verify body is empty.Server returning partial resource due to Range header.
- •Video streaming
- •Large file download resume
Assert Content-Range header is present.Resource permanently moved to new URL.
- •URL restructuring
- •HTTP→HTTPS redirect
Assert Location header. Test that clients follow redirect.Resource temporarily at different URL.
- •Login redirect
- •Temporary maintenance page
Assert Location header. Common after form submissions.Cached version is still valid. No body returned.
- •Conditional GET with If-None-Match/If-Modified-Since
Assert 304 with ETag/Last-Modified headers in caching tests.Like 302, but method and body must not change.
- •HTTPS redirect preserving POST method
Assert original method is preserved after redirect.Like 301, but method and body must not change.
- •Permanent URL change preserving POST
Assert method preservation. Test with non-GET methods.Server cannot process due to client error (malformed syntax).
- •Invalid JSON body
- •Missing required field
- •Wrong data type
Assert 400 for validation tests. Check error message in body.Authentication required or credentials invalid.
- •Missing auth token
- •Expired JWT
- •Invalid API key
Assert 401 without credentials. Test expired token handling.Server understood request but refuses to authorize it.
- •Insufficient permissions
- •IP blocked
- •CORS denied
Assert 403 for role-based access control tests.Server cannot find the requested resource.
- •Wrong URL
- •Deleted resource
- •Typo in endpoint
Assert 404 for deleted resources and invalid endpoints.HTTP method not supported for this endpoint.
- •PUT on read-only endpoint
- •DELETE not allowed
Assert 405 when sending wrong HTTP method.Request conflicts with current server state.
- •Duplicate entry
- •Concurrent update conflict
Assert 409 for duplicate creation or optimistic locking.Request body exceeds server limits.
- •File upload too large
- •Body size limit reached
Assert 413 with oversized payloads in boundary tests.Content-Type not supported by the endpoint.
- •Sending XML to JSON-only endpoint
- •Missing Content-Type header
Assert 415 with wrong Content-Type header.Request well-formed but semantically invalid.
- •Business rule violation
- •Invalid field value
Assert 422 for semantic validation. Popular in REST APIs.Rate limit exceeded.
- •API rate limiting
- •DDoS protection
Assert 429 in rate limit tests. Check Retry-After header.Unexpected server error.
- •Unhandled exception
- •Database down
- •Bug in server code
Should NOT appear in happy-path tests. Log and investigate.Server got invalid response from upstream.
- •Upstream service down
- •Proxy misconfiguration
Assert 502 in service mesh / gateway tests.Server temporarily unable to handle requests.
- •Maintenance mode
- •Server overloaded
Assert 503 during maintenance window tests.Server didn't get response from upstream in time.
- •Slow upstream service
- •Network timeout
Assert 504 in timeout and resilience tests.Frequently Asked Questions(click to expand)
What is the difference between 401 and 403?
401 (Unauthorized) means the client has not provided valid authentication credentials. 403 (Forbidden) means the client is authenticated but does not have permission to access the resource.
When should I use 200 vs 201 vs 204?
Use 200 for successful GET/PUT/PATCH requests that return data. Use 201 for POST requests that create a new resource. Use 204 for DELETE or actions that succeed but return no body.