| Method | Purpose | Example |
|---|---|---|
GET |
Retrieve a resource | GET /users/1 |
POST |
Create a new resource | POST /users |
PUT |
Replace a full resource | PUT /users/1 |
PATCH |
Update part of a resource | PATCH /users/1 |
DELETE |
Delete a resource | DELETE /users/1 |
Use plural nouns for resource names
GET /users
Use path parameters for specific items
GET /users/123 → Retrieve user with ID = 123
Use query parameters for filtering or search
GET /users?age=25 → Users aged 25
Success Responses (2xx)
| Code | Meaning | Use Case Example |
|---|---|---|
| 200 OK | Request succeeded | GET /users/1 returns user data |
| 201 Created | Resource successfully created | POST /users with valid data |
| 202 Accepted | Request accepted, processing later | Async operations like email sending |
| 204 No Content | Success, but no response body | DELETE /users/1 or PUT without return |
Redirection Responses (3xx)
| Code | Meaning | Use Case Example |
|---|---|---|
| 301 Moved Permanently | Resource permanently moved to a new URL | Old API route redirected to new version (e.g., /v1 → /v2) |
| 302 Found | Temporary redirect | Redirect login request to external SSO provider |
| 303 See Other | Redirect with GET after POST | After successful POST /users, redirect to GET /users/1 |
| 304 Not Modified | Cached response still valid | Client sends If-None-Match, server responds with 304 |
| 307 Temporary Redirect | Same method, temporary URI change | Temporary service migration |
| 308 Permanent Redirect | Same method, permanent URI change | Standardized version of 301 (preserves request method) |
Client Errors (4xx)
| Code | Meaning | Use Case Example |
|---|---|---|
| 400 Bad Request | Invalid syntax or data | Missing required field in JSON |
| 401 Unauthorized | No valid authentication provided | Missing or invalid token |
| 403 Forbidden | Authenticated but not allowed | User lacks permission to access resource |
| 404 Not Found | Resource doesn't exist | GET /users/999 where user doesn’t exist |
| 405 Method Not Allowed | Method not supported on this path | PUT /login (not allowed) |
| 409 Conflict | Resource state conflict | Creating a user with duplicate email |
| 422 Unprocessable Entity | Valid syntax but semantically wrong | Invalid email format, weak password |
| 429 Too Many Requests | Rate limit exceeded | API rate-limiting in effect |
Server Errors (5xx)
| Code | Meaning | Use Case Example |
|---|---|---|
| 500 Internal Server Error | Generic server-side error | Unexpected error on backend |
| 502 Bad Gateway | Invalid response from upstream server | Reverse proxy to offline service |
| 503 Service Unavailable | Server temporarily overloaded | Server down for maintenance |
| 504 Gateway Timeout | Upstream server timeout | Dependent service took too long |