AiTechWorlds
All HTTP methods, 2xx/3xx/4xx/5xx status codes, headers reference, REST conventions, and caching.
| Method | Purpose | Idempotent | Safe | Body |
|---|---|---|---|---|
| GET | Retrieve resource | Yes | Yes | No |
| POST | Create resource | No | No | Yes |
| PUT | Replace resource entirely | Yes | No | Yes |
| PATCH | Partial update | No | No | Yes |
| DELETE | Remove resource | Yes | No | No |
| HEAD | GET without body | Yes | Yes | No |
| OPTIONS | List allowed methods | Yes | Yes | No |
| CONNECT | Tunnel (HTTPS proxy) | No | No | No |
| TRACE | Diagnostic echo | Yes | Yes | No |
Idempotent = same result whether called once or many times.
Safe = doesn't modify server state.
| Range | Category | Meaning |
|---|---|---|
| 1xx | Informational | Request received, processing |
| 2xx | Success | Request succeeded |
| 3xx | Redirection | Further action needed |
| 4xx | Client Error | Request has an error |
| 5xx | Server Error | Server failed to fulfill valid request |
| Code | Name | When to Use |
|---|---|---|
| 200 | OK | General success (GET, PUT, PATCH response) |
| 201 | Created | Resource created (POST response) |
| 202 | Accepted | Request queued for async processing |
| 204 | No Content | Success, no body (DELETE, PUT with no return) |
| 206 | Partial Content | Range request (streaming, downloads) |
| Code | Name | When to Use |
|---|---|---|
| 301 | Moved Permanently | URL permanently changed (SEO-safe redirect) |
| 302 | Found | Temporary redirect (use 303/307 instead) |
| 303 | See Other | Redirect after POST (POST/Redirect/GET pattern) |
| 304 | Not Modified | Cache still valid (ETag/Last-Modified match) |
| 307 | Temporary Redirect | Temp redirect, preserves method |
| 308 | Permanent Redirect | Permanent, preserves method (use over 301 for APIs) |
301 vs 308: Both are permanent. 301 may change POST to GET on redirect; 308 preserves the method.
| Code | Name | When to Use |
|---|---|---|
| 400 | Bad Request | Malformed syntax, invalid body |
| 401 | Unauthorized | Not authenticated (needs login) |
| 403 | Forbidden | Authenticated but no permission |
| 404 | Not Found | Resource doesn't exist |
| 405 | Method Not Allowed | Method not supported for this URL |
| 408 | Request Timeout | Client too slow |
| 409 | Conflict | State conflict (e.g., duplicate create) |
| 410 | Gone | Resource permanently deleted |
| 413 | Content Too Large | Request body exceeds limit |
| 415 | Unsupported Media Type | Wrong Content-Type |
| 422 | Unprocessable Entity | Validation failed (well-formed but semantically invalid) |
| 429 | Too Many Requests | Rate limit exceeded |
401 vs 403: 401 = not logged in. 403 = logged in but not allowed.
| Code | Name | When to Use |
|---|---|---|
| 500 | Internal Server Error | Unhandled exception |
| 501 | Not Implemented | Method not supported by server |
| 502 | Bad Gateway | Upstream server returned invalid response |
| 503 | Service Unavailable | Server down/overloaded |
| 504 | Gateway Timeout | Upstream server timed out |
| 507 | Insufficient Storage | Server out of disk space |
```http
GET /api/users HTTP/1.1
Host: api.example.com
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9...
Content-Type: application/json
Accept: application/json
Accept-Language: en-US,en;q=0.9
User-Agent: Mozilla/5.0...
Cache-Control: no-cache
If-None-Match: "abc123"    ← ETag for conditional GET
Cookie: session=xyz789
```

```http
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 1234
Cache-Control: max-age=3600, public
ETag: "abc123"
Last-Modified: Thu, 15 Jan 2026 10:00:00 GMT
Set-Cookie: session=xyz789; HttpOnly; Secure; SameSite=Strict
X-Request-Id: a1b2c3d4
Access-Control-Allow-Origin: https://app.example.com
Strict-Transport-Security: max-age=31536000; includeSubDomains
```

```
POST   /users                    → 201 Created (with Location: /users/42 header)
GET    /users/42                 → 200 OK
PUT    /users/42                 → 200 OK (returns updated resource)
PATCH  /users/42                 → 200 OK
DELETE /users/42                 → 204 No Content
GET    /users/999                → 404 Not Found
POST   /users (duplicate email)  → 409 Conflict
POST   /users (invalid email)    → 422 Unprocessable Entity
GET    /users (not logged in)    → 401 Unauthorized
GET    /admin/users (no perm)    → 403 Forbidden
```

```
# Tell browser to cache for 1 hour
Cache-Control: max-age=3600, public

# Never cache (API responses)
Cache-Control: no-store

# Revalidate before using cached version
Cache-Control: no-cache, must-revalidate

# ETag conditional request
Client sends: If-None-Match: "abc123"
Server sends: 304 Not Modified (if unchanged)
              200 OK + new ETag: "def456" (if changed)
```

[] with 200 is correct; 404 means the endpoint doesn't exist

Location header is the correct status for created resources
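The ETag conditional request from the caching notes above, written out as server-side logic. This is an added example, not code from the original page; the function names, the SHA-256-based ETag scheme and the sample bodies are assumptions made for illustration.

```python
import hashlib

def make_etag(body: bytes) -> str:
    # Assumed scheme: strong ETag = quoted, truncated SHA-256 of the body.
    return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'

def _opaque(tag: str) -> str:
    # If-None-Match uses weak comparison: ignore a leading W/ marker.
    tag = tag.strip()
    return tag[2:] if tag.startswith("W/") else tag

def if_none_match_hits(header_value, current_etag: str) -> bool:
    if not header_value:
        return False
    if header_value.strip() == "*":        # "*" matches any existing representation
        return True
    # Simplification: split on commas (safe here because the tags are hex).
    return any(_opaque(c) == _opaque(current_etag) for c in header_value.split(","))

def conditional_get(request_headers: dict, body: bytes,
                    cache_control: str = "no-cache, must-revalidate"):
    # Header names are case-insensitive, so normalise before lookup.
    req = {k.lower(): v for k, v in request_headers.items()}
    etag = make_etag(body)
    headers = {"ETag": etag, "Cache-Control": cache_control}
    if if_none_match_hits(req.get("if-none-match"), etag):
        return 304, headers, b""           # validators repeated, no body
    headers["Content-Length"] = str(len(body))
    return 200, headers, body

if __name__ == "__main__":
    v1 = b'{"id": 42, "email": "a@example.com"}'   # constructed sample bodies
    v2 = b'{"id": 42, "email": "b@example.com"}'
    status, hdrs, _ = conditional_get({}, v1)
    print(status, hdrs["ETag"])
    print(conditional_get({"If-None-Match": hdrs["ETag"]}, v1)[0])
    print(conditional_get({"If-None-Match": hdrs["ETag"]}, v2)[0])
```

The 304 branch repeats `ETag` and `Cache-Control` so the client's cached copy keeps the same validator and caching policy it would have received with a 200.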