An HTTP status code is a three-digit number that a server sends in response to every HTTP request. The first digit indicates the class of response. Status codes are the primary way HTTP communicates success, failure, and what to do next. Every developer who works with web applications, APIs, or network infrastructure needs to understand them.
The Five Classes
1xx (Informational): the request was received and processing is continuing. These are rarely seen in normal application development. 100 Continue is used during large file uploads to confirm the client should proceed with the request body.
2xx (Success): the request was successfully received, understood, and accepted. 200 OK is the most common success code for GET requests. 201 Created confirms that a POST request successfully created a new resource. 204 No Content confirms success for DELETE and some PUT/PATCH requests where no response body is needed.
3xx (Redirection): further action is needed to complete the request. 301 Moved Permanently tells the client (and search engines) that the resource has permanently moved to a new URL. 302 Found is a temporary redirect. 304 Not Modified tells the browser to use its cached version of the resource.
4xx (Client Error): the request contains bad syntax or cannot be fulfilled. These errors are caused by the client (the user or the application making the request). 400 Bad Request means the request is malformed. 401 Unauthorized means authentication is required. 403 Forbidden means the authenticated user does not have permission. 404 Not Found means the resource does not exist. 405 Method Not Allowed means the HTTP method is not supported for this endpoint. 429 Too Many Requests means the client has exceeded a rate limit.
5xx (Server Error): the server failed to fulfill a valid request. These errors are caused by the server. 500 Internal Server Error is a generic server-side error. 502 Bad Gateway means a proxy received an invalid response from the upstream server. 503 Service Unavailable means the server is temporarily unable to handle requests (typically due to overload or maintenance). 504 Gateway Timeout means the proxy did not receive a response from the upstream server in time.
Handling Status Codes in Code
When making HTTP requests in code, check the status code before trying to use the response body. A 4xx or 5xx status code means the body may contain an error message rather than the expected data.
For REST APIs, establish clear conventions: 200 for successful GET, 201 for successful POST with a created resource, 204 for successful DELETE, 400 with a descriptive error body for validation failures, 401 for missing authentication, 403 for insufficient permissions, and 404 for missing resources.
Using the DevHexLab HTTP Status Reference
Open the tool at /tools/network/http-status-reference. Search by number or keyword. Every standard status code is listed with its official name, a plain-English description, the response class, and common causes.
Frequently Asked Questions
What is the difference between 401 and 403?
401 Unauthorized means the request lacks valid authentication credentials. 403 Forbidden means the authenticated user is known but does not have permission to access the resource.
When should I use 422 vs 400?
400 Bad Request is for malformed requests that the server cannot parse. 422 Unprocessable Entity is for requests that are syntactically valid but semantically incorrect (for example, a form submission with valid JSON but logically invalid field values).
Understand status codes and you understand HTTP.