Irreva logo
Explore Irreva
AboutPrivacyTermsContact
DeveloperMarch 27, 2026· 6 min read· Updated June 10, 2026

What Is an HTTP Status Code — 200, 404, 500 Explained

Hasanur Rahman

Written by Hasanur Rahman

Founder & Full-Stack Developer · Irreva · Rangpur, Bangladesh

Every HTTP response includes a status code — a three-digit number that summarizes the outcome of the request. 200 means it worked. 404 means the resource wasn't found. 500 means something went wrong on the server. These codes are the common language between clients and servers, and understanding them is fundamental to web development and API debugging.

The five classes of status codes

HTTP status codes are grouped into five classes based on the first digit. 1xx codes are informational — they indicate a provisional response. 2xx codes indicate success. 3xx codes indicate redirection — the client needs to take another action to complete the request. 4xx codes indicate client errors — something wrong with the request. 5xx codes indicate server errors — something wrong on the server's side.

The first digit immediately tells you who is responsible for the problem. A 4xx code means the client (usually your code or the user) sent a bad request. A 5xx code means the server failed to process a valid request. This distinction matters enormously for debugging.

  • 1xx — Informational (100 Continue, 101 Switching Protocols)
  • 2xx — Success (200 OK, 201 Created, 204 No Content)
  • 3xx — Redirection (301 Moved Permanently, 302 Found, 304 Not Modified)
  • 4xx — Client Error (400 Bad Request, 401 Unauthorized, 403 Forbidden, 404 Not Found, 422 Unprocessable Entity, 429 Too Many Requests)
  • 5xx — Server Error (500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable, 504 Gateway Timeout)

The most important codes explained

200 OK is the standard success response. The request succeeded and the response body contains the requested data. 201 Created is used when a POST request successfully creates a new resource — the Location header usually points to the new resource's URL. 204 No Content means the request succeeded but there's no body to return — common for DELETE requests.

301 Moved Permanently tells the client and search engines that the resource has permanently moved to a new URL. Search engines transfer SEO equity to the new URL. 302 Found is a temporary redirect — search engines should keep the original URL indexed. 304 Not Modified tells the client the cached version is still valid, saving a full download.

401 Unauthorized means the client is not authenticated. 403 Forbidden means the client is authenticated but doesn't have permission. 404 Not Found means the resource doesn't exist at this URL. 429 Too Many Requests means the client is being rate-limited.

Status codes in API design

Choosing the right status code is part of designing a good REST API. Using 200 for everything — including errors — makes clients unable to detect failures programmatically. The HTTP spec exists precisely so clients know how to handle responses without reading the body first.

A common debate is 401 vs 403. Use 401 when the client isn't authenticated at all (send credentials). Use 403 when the client is authenticated but isn't allowed to access this resource (the credentials are valid but the permissions aren't sufficient).

For validation errors, 422 Unprocessable Entity is the most semantically accurate code — the request was well-formed but the content was invalid. Some APIs use 400 Bad Request for both malformed requests and validation errors; 422 is more precise.

Try these free tools

JSON FormatterJWT DecoderURL Encoder

Frequently Asked Questions

What is the difference between 401 and 403?

401 Unauthorized means you need to authenticate — send credentials (a token, a cookie, a username/password). 403 Forbidden means you are authenticated but not permitted to access this resource. With a 401, trying again with credentials might work. With a 403, no level of authentication will help — the access is denied by policy.

What does a 502 Bad Gateway mean?

A 502 occurs when a server acting as a gateway or proxy (like Nginx or a load balancer) received an invalid response from an upstream server. It usually means the backend application server is down or not responding correctly. Check your application server logs, not just the proxy.

Why do some APIs return 200 with an error in the body?

This is generally bad API design but common in older APIs and some RPC-style endpoints. Graphql, for example, always returns 200 and puts error information in the response body. REST APIs should use appropriate 4xx/5xx codes to allow error handling without parsing the response body.

What is the difference between 301 and 302 redirects for SEO?

A 301 (permanent) redirect tells search engines the old URL is gone forever — transfer all SEO equity (ranking signals) to the new URL and update your index. A 302 (temporary) redirect tells search engines to keep the old URL indexed because the move is not permanent. Use 301 for permanent URL changes and migrations.

What does 418 I'm a Teapot mean?

HTTP 418 is a joke status code from RFC 2324 (Hyper Text Coffee Pot Control Protocol), an April Fools' Day RFC from 1998. The code was meant as humor: a teapot refuses to brew coffee. It has no real use in production APIs, but it has achieved legendary status in developer culture.

Related articles

What Is an API Endpoint Explained for BeginnersRead →What Is WebSocket vs HTTP — Differences ExplainedRead →
Hasanur Rahman

About the author

Hasanur Rahman

Founder & Full-Stack Developer · Irreva · Rangpur, Bangladesh

Hasanur Rahman is the founder of Irreva and a full-stack developer based in Rangpur, Bangladesh. He builds all of Irreva's tools with a focus on privacy-first, browser-based processing.

← Back to all articles