As a Backend Developer, you've probably had this situation happen:
You finish building your API. Everything works perfectly. You test it ten times on Postman.
Then your Frontend Developer shows up frustrated:
“Something’s not working... the app is freezing!”
You check the code and see that your API always returns 200 OK, even when there's an error — with a JSON message saying "Something went wrong."
Meanwhile, the frontend is expecting something like 400 Bad Request to show an error message properly.
You're both speaking JSON… but you're not speaking the same language.
That’s exactly where HTTP Status Codes come in.
🧠 What Are HTTP Status Codes?
HTTP status codes are standardized codes sent by the server to indicate the result of a client's request.
They aren't just random numbers. They're the core communication language between frontend and backend.
Each code helps the frontend decide:
✅ Should I show the data?
❌ Should I display an error message?
🔒 Should I ask the user to log in again?
🔄 Should I retry the request later?
Understanding and using them properly makes your entire project cleaner, faster, and more professional.
🧭 Status Code Categories
Status codes are divided into 5 main categories:
| Category | Range | Meaning |
|---|---|---|
| 1xx | 100–199 | Informational |
| 2xx | 200–299 | Success |
| 3xx | 300–399 | Redirection |
| 4xx | 400–499 | Client Error |
| 5xx | 500–599 | Server Error |
Let’s dive deep into each group — with examples.
✅ 2xx – Success Codes
These mean the request was successfully received, understood, and accepted.
| Code | Name | When to Use |
|---|---|---|
200 OK |
Standard response | Request succeeded (GET, PUT, DELETE) |
201 Created |
Resource created | After POST (e.g. user registration) |
202 Accepted |
Request accepted but not completed | Async processing |
204 No Content |
Success but no data | DELETE request with no body |
✅ Example
// POST /users
Status: 201 Created
{
"id": 123,
"username": "ahmedniazy"
}
🔄 3xx – Redirection Codes
Used when further action needs to be taken by the client to complete the request.
| Code | Name | Meaning |
|---|---|---|
301 Moved Permanently |
URL changed forever | |
302 Found |
Temporarily redirected | |
304 Not Modified |
Cached version is valid, no need to re-download |
🔄 Example
// GET /old-url
Status: 301 Moved Permanently
Location: https://example.com/new-url
❌ 4xx – Client Error Codes
These indicate a problem with the request made by the client.
| Code | Name | Description |
|---|---|---|
400 Bad Request |
Invalid data or parameters | |
401 Unauthorized |
Authentication required | |
403 Forbidden |
Logged in, but no permission | |
404 Not Found |
Resource doesn't exist | |
405 Method Not Allowed |
Wrong HTTP method used | |
409 Conflict |
Data conflict (e.g. duplicate entry) | |
422 Unprocessable Entity |
Validation error | |
429 Too Many Requests |
Rate limiting |
❌ Example
// POST /login with wrong credentials
Status: 401 Unauthorized
{
"error": "Invalid email or password."
}
🔥 5xx – Server Error Codes
These indicate something went wrong on the server side.
| Code | Name | Description |
|---|---|---|
500 Internal Server Error |
Generic error | |
501 Not Implemented |
Feature not supported | |
502 Bad Gateway |
Invalid response from upstream server | |
503 Service Unavailable |
Server down or under maintenance | |
504 Gateway Timeout |
Timeout waiting for response |
🔥 Example
// GET /products during server crash
Status: 500 Internal Server Error
{
"error": "Something went wrong. Please try again later."
}
🛠️ Best Practices for Using Status Codes
✅ Always return the correct status code:
| Situation | Recommended Status |
|---|---|
| Success | 200 or 201 |
| Validation Error | 422 |
| Unauthorized | 401 |
| Server Crash | 500 |
📘 Document Each Endpoint Clearly
Include:
- Status codes returned
- Response structure
- Error messages
🤝 Agree on Response Format with Frontend Team
{
"status": true,
"message": "User created successfully.",
"data": { ... }
}
Or for errors:
{
"status": false,
"message": "Email already taken.",
"errors": { "email": "This email is already in use." }
}
⚡ Why Status Codes Save Time & Effort
- Frontend becomes smarter: Handles errors without needing backend clarification.
- Faster debugging: Know if the problem is with the client or server.
- Cleaner testing: Easier to write tests for each status.
- Professional communication: Well-structured APIs impress new team members and clients.
📌 Bonus: Quick Cheatsheet
200 – OK
201 – Created
204 – No Content
400 – Bad Request
401 – Unauthorized
403 – Forbidden
404 – Not Found
422 – Validation Error
500 – Server Error
503 – Service Unavailable
🧪 Test Yourself: What Status Code Would You Use?
- User submits form with missing fields →
________ - Server can't connect to database →
________ - Successful user login →
________ - User tries to access admin page without permission →
________ - You delete a product successfully, but don't return any data →
________
Click for Answers
- 422 Unprocessable Entity
- 500 Internal Server Error
- 200 OK
- 403 Forbidden
- 204 No Content
🧵 Final Thoughts
HTTP Status Codes are not just numbers.
They’re the backbone of communication between client and server.
If you use them correctly:
- Your frontend will thank you.
- Your debugging sessions will shrink.
- Your API will feel clean, professional, and scalable.
🧠 "The right status code tells the story of your API — even before the response body."
Top comments (0)