# HTTP Status Codes
Every API MUST use the appropriate HTTP Status Codes (opens new window) to communicate the result of a request operation.
Every API designer, implementer and consumer MUST understand the semantic of the HTTP Status Code she is using.
In general, the status code are officially divided into 5 kinds:
1xx
- Informational (opens new window) (also a non-final response)2xx
- Successful (opens new window)3xx
- Redirection (opens new window)4xx
- Client error (opens new window)5xx
- Server error (opens new window)
Some specific usecases:
- 200 OK - Response to a successful REST API action.
- 301 Moved Permanently tells the client that the resource has moved, and it can create a new request if it wishes.
- 400 Bad Request - The request is malformed, such as message body format error.
- 401 Unauthorized - Wrong or no authentication ID/password provided.
- 403 Forbidden - It's used when the authentication succeeded but authenticated user doesn't have permission to the requested resource
- 404 Not Found - When a non-existent resource is requested. Caches will often perform so-called “negative caching” (i.e., assigning heuristic freshness lifetime to it), and automated agents like Web crawlers will use it as a signal that the resource isn’t there any more.
- 405 Method Not Allowed - The error checking for unexpected HTTP method. For example, the RestAPI is expecting HTTP GET, but HTTP PUT is used.
- 429 Too Many Requests - The error is used when there may be DOS attack detected or the request is rejected due to rate limiting