Why do APIs return 422 instead of 400?

400 Bad Request means the request syntax is malformed. 422 Unprocessable Entity means the syntax is valid but the content has semantic errors — for example, a JSON body is valid JSON but contains invalid data like a negative age or an invalid email format. Many REST APIs prefer 422 for validation errors.

HTTP Status Code Reference

All HTTP status codes (1xx–5xx) with descriptions, use cases, and quiz mode.

Code	Name	Description	Common Use Case

Showing all HTTP status codes.

HTTP Status Code Categories

HTTP status codes are three-digit numbers returned by a server in response to a client's request. They are grouped into five classes based on the first digit, each indicating a broad category of response type.

1xx — Informational

Informational responses indicate that the request was received and the process is continuing. The most common is 100 Continue, which tells the client to continue sending the request body. 101 Switching Protocols is used when upgrading a connection to WebSocket. These codes are rarely seen directly by developers but are important for protocol negotiation.

2xx — Success

Success codes confirm that the request was successfully received, understood, and accepted. 200 OK is the most common response for successful GET requests. 201 Created is returned when a new resource is created (typical for POST requests). 204 No Content is returned when the operation succeeded but there is nothing to return (common for DELETE requests). 206 Partial Content enables range requests for video streaming and large file downloads.

3xx — Redirection

Redirection codes tell the client to take additional action to fulfill the request, usually navigating to a different URL. 301 Moved Permanently is critical for SEO — it permanently redirects to a new URL and passes link equity. 302 Found (temporary redirect) keeps the original URL indexed by search engines. 304 Not Modified is used in HTTP caching — the browser can use its cached version of the resource. 307 and 308 are method-preserving versions of 302 and 301 respectively. Use our Canonical Checker to verify redirect chains.

4xx — Client Errors

Client error codes indicate that the request contains bad syntax or cannot be fulfilled. 400 Bad Request is returned for malformed request syntax. 401 Unauthorized requires authentication. 403 Forbidden means authenticated but lacking permission. 404 Not Found is the most famous status code — the resource doesn't exist. 405 Method Not Allowed is returned when the HTTP method (GET, POST, etc.) isn't supported. 429 Too Many Requests implements rate limiting. 451 Unavailable For Legal Reasons — a nod to Fahrenheit 451 — indicates censored content.

5xx — Server Errors

Server error codes indicate that the server failed to fulfill a valid request. 500 Internal Server Error is the generic catch-all for server bugs. 502 Bad Gateway appears when a proxy receives an invalid response from an upstream server (common with misconfigured Nginx/Apache). 503 Service Unavailable is returned during maintenance or when the server is overloaded. 504 Gateway Timeout occurs when a proxy server times out waiting for the upstream. Understanding 5xx errors is essential for debugging infrastructure issues.

Using Status Codes in APIs

Well-designed REST APIs use status codes semantically rather than always returning 200 OK with an error body. The general convention: use 2xx for success, 4xx when the client made a mistake, and 5xx when the server made a mistake. Avoid returning 200 with {"error": "Not found"} — use 404 instead. For validation errors, many APIs use 422 Unprocessable Entity to distinguish semantic errors from syntactic errors (400). For more HTTP tooling, see our HTTP Header Inspector and cURL to Code Converter.

Frequently Asked Questions

401 Unauthorized means the client is not authenticated — no valid credentials were provided. 403 Forbidden means the client is authenticated but does not have permission to access the resource. In short: 401 = who are you? 403 = I know who you are, but you can't do that.

301 Moved Permanently tells browsers and search engines the resource has moved to a new URL permanently — search engines transfer link equity to the new URL. 302 Found is a temporary redirect, so search engines keep the original URL indexed.

400 Bad Request means the request syntax is malformed. 422 Unprocessable Entity means the syntax is valid but the content has semantic errors — for example, valid JSON but with an invalid email format or a negative quantity. Many REST APIs prefer 422 for validation errors.

429 Too Many Requests is returned when a client has exceeded the rate limit. The response often includes a Retry-After header indicating when the client can try again. It is commonly used by APIs to prevent abuse.

500 Internal Server Error is a generic server-side error — something went wrong but the server cannot be more specific. 503 Service Unavailable means the server is temporarily unable to handle the request due to maintenance or overload. 503 is typically temporary while 500 indicates a bug.