What's the difference between 401 and 403?

401 means the request lacks valid authentication credentials — the client should authenticate. 403 means the server understands the request but refuses it — the client is authenticated but not authorized.

When should I use 400 vs. 422?

400 for malformed syntax (unparseable JSON, invalid format). 422 for semantically invalid data (valid JSON, but field values fail business rules). Many APIs use 422 for all validation errors for clarity.

What's the difference between 301 and 308?

301 (Moved Permanently) and 302 (Found) allow the client to change POST to GET on redirect. 307 (Temporary) and 308 (Permanent) require the same method to be used for the redirect request. Use 307/308 for API redirects where method matters.

HTTP Status Codes | DevTools Surf

DevTools Surf

About HTTP Status Codes

HTTP Status Codes preview - Info / Guides tool

Complete reference of HTTP status codes with meanings. Part of the DevTools Surf developer suite. Browse more tools in the Info / Guides collection.

Use Cases

Look up the correct status code for a specific API response scenario.
Distinguish between 401 and 403 for authentication vs. authorization failures.
Find the right redirect code (301, 302, 307, 308) for a specific redirect behavior.
Reference error code semantics during API design review.

Tips

Use 422 Unprocessable Entity for validation errors on well-formed requests — it's semantically more precise than 400 Bad Request for JSON APIs.
Return 429 Too Many Requests with a Retry-After header for rate limiting — clients can read the header and back off for the correct duration automatically.
Use 307 (Temporary Redirect) over 302 when you need the redirect to preserve the original HTTP method — 302 allows clients to change POST to GET on redirect, which 307 forbids.

Fun Facts

HTTP status codes were originally designed for use in HTTP/1.0 (1996). The three-digit format was inherited from SMTP reply codes (220, 421, 550) designed by Jon Postel in 1982.
HTTP 418 'I'm a Teapot' was defined in RFC 2324 (1998) as an April Fools' joke (the Hyper Text Coffee Pot Control Protocol). Despite being a joke, it's been preserved in all subsequent HTTP specifications and is implemented in production by Google and AWS.
The IANA HTTP Status Code Registry has 69 registered status codes as of 2024, but developers commonly use fewer than 20. The RFC defines 5xx as server errors, 4xx as client errors, 3xx as redirects, 2xx as success, and 1xx as informational.

FAQ

What's the difference between 401 and 403?: 401 means the request lacks valid authentication credentials — the client should authenticate. 403 means the server understands the request but refuses it — the client is authenticated but not authorized.
When should I use 400 vs. 422?: 400 for malformed syntax (unparseable JSON, invalid format). 422 for semantically invalid data (valid JSON, but field values fail business rules). Many APIs use 422 for all validation errors for clarity.
What's the difference between 301 and 308?: 301 (Moved Permanently) and 302 (Found) allow the client to change POST to GET on redirect. 307 (Temporary) and 308 (Permanent) require the same method to be used for the redirect request. Use 307/308 for API redirects where method matters.

Related Info / Guides Tools

Docker Basics SEO Basics for Developers REST API Basics Next.js App Router Basics Connect Your Site to Google Git Basics (First Hour)Kubernetes Basics GraphQL vs REST