Overview
In HTTP communication, HTTP methods and response status codes are fundamental components that define the interactions between clients and servers.
HTTP Methods
HTTP methods, often referred to as “verbs,” specify the desired action to be performed on a given resource. The primary methods include:
GET: Retrieve data from the server.POST: Submit data to the server, often resulting in a new resource creation.PUT: Update or create a resource at a specified URI.DELETE: Remove a specified resource.HEAD: Similar to GET but retrieves only the headers without the body.OPTIONS: Describe the communication options for the target resource.PATCH: Apply partial modifications to a resource.
Each method serves a distinct purpose, enabling precise control over web resources.
HTTP Response Status Codes Upon receiving a request, the server responds with a status code that indicates the outcome. These codes are grouped into five classes:
- 1xx (Informational): Request received; continuing process.
- 2xx (Success): The request was successfully received, understood, and accepted.
- 3xx (Redirection): Further action is needed to complete the request.
- 4xx (Client Error): The request contains bad syntax or cannot be fulfilled.
- 5xx (Server Error): The server failed to fulfill a valid request.
Common status codes include:
- 200 OK: The request succeeded.
- 201 Created: The request succeeded, and a new resource was created.
- 400 Bad Request: The server cannot process the request due to client error.
- 401 Unauthorized: Authentication is required and has failed or has not yet been provided.
- 403 Forbidden: The request is understood, but the server refuses to authorize it.
- 404 Not Found: The requested resource could not be found.
- 500 Internal Server Error: A generic error message indicating that the server encountered an unexpected condition.
HTTP Methods
HTTP defines several methods, each specifying a particular action to be performed on a resource. These methods, often referred to as HTTP verbs, include:
HTTP GET Method
Retrieves data from a server at the specified resource. It should not alter the server’s state and is considered safe and idempotent.
Use Case: Fetching a webpage or reading data from an API.
GET /index.html HTTP/1.1
Host: www.carlogonzales.com
HTTP POST Method
Sends data to the server to create a new resource. It may change the server’s state and is neither safe nor idempotent.
Use Case:
POST /submit-form HTTP/1.1
Host: www.carlogonzales.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 27
name=Carlo&age=30
HTTP PUT Method
Updates an existing resource or creates it if it doesn’t exist. It is idempotent but not safe.
Use Case: Updating user information or uploading a file to a specific URL.
PUT /user/123 HTTP/1.1
Host: www.carlogonzales.com
Content-Type: application/json
Content-Length: 21
{"name": "John Doe"}
HTTP DELETE Method
Removes the specified resource from the server. It is idempotent but not safe.
Use Case: Deleting a user account or removing a file.
DELETE /user/123 HTTP/1.1
Host: www.carlogonzales.com
HTTP HEAD Method
Similar to GET but retrieves only the headers without the body. Useful for checking resource metadata.
Use Case: Verifying if a resource exists or checking its last modified date.
HEAD /index.html HTTP/1.1
Host: www.carlogonzales.com
HTTP OPTIONS Method
Describes the communication options for the target resource, detailing the supported HTTP methods.
Use Case: Determining the methods supported by a server or resource.
OPTIONS /api/users HTTP/1.1
Host: www.carlogonzales.com
HTTP PATCH Method
Applies partial modifications to a resource. It is neither safe nor idempotent.
Use Case: Updating a user’s email address without affecting other data.
PATCH /user/123 HTTP/1.1
Host: www.carlogonzales.com
Content-Type: application/json
Content-Length: 18
{"email": "[email protected]"}
HTTP TRACE Method
Echoes the received request, used mainly for diagnostic purposes.
Use Case: Testing or diagnosing the path to the target resource.
TRACE /test HTTP/1.1
Host: www.carlogonzales.com
HTTP Method
Establishes a tunnel to the server, commonly used for SSL tunneling.
Use Case: Facilitating HTTPS connections through a proxy.
CONNECT www.carlogonzales.com:443 HTTP/1.1
Host: www.carlogonzales.com
HTTP Response Code
HTTP status codes are standardized three-digit numbers that indicate the outcome of a client’s request to a server. They are categorized into five classes:
- 1xx Informational: Request received; continuing process.
- 2xx Success: Request successfully received, understood, and accepted.
- 3xx Redirection: Further action needed to complete the request.
- 4xx Client Error: Request contains bad syntax or cannot be fulfilled.
- 5xx Server Error: Server failed to fulfill a valid request.
Below is a comprehensive list of HTTP status codes, along with sample protocol responses and guidance on handling each:
1xx Informational
100 Continue
The server has received the request headers, and the client should proceed to send the request body.
Handling: Continue sending the request body.
HTTP/1.1 100 Continue
101 Switching Protocols
The server is switching protocols as requested by the client.
Handling: Switch to the protocol specified in the response.
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
102 Processing
The server has received and is processing the request, but no response is available yet.
Handling: Wait for the server to finish processing; no immediate action required.
HTTP/1.1 102 Processing
2xx Success
200 OK
The request succeeded.
Handling: Process the response body as it contains the requested data.
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 85
{"message": "Success", "data": {...}}
201 Created
The request succeeded, and a new resource was created.
Handling: Acknowledge the creation; use the Location header to reference the new resource.
HTTP/1.1 201 Created
Location: https://api.example.com/resource/123
Content-Type: application/json
Content-Length: 36
{"message": "Resource created successfully"}
202 Accepted
The request has been accepted for processing, but the processing has not been completed.
Handling: The request is being processed; no immediate action required.
HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: 50
{"message": "Request accepted for processing"}
3xx Redirection
301 Moved Permanently
The resource has been permanently moved to a new URI.
Handling: Update bookmarks or references to the new URI; future requests should use the new URI.
HTTP/1.1 301 Moved Permanently
Location: https://www.newdomain.com/resource
302 Found
The resource has been temporarily moved to a different URI.
Handling: Follow the Location header to access the resource; continue using the original URI for future requests.
HTTP/1.1 302 Found
Location: https://www.temporarydomain.com/resource
304 Not Modified
The resource has not been modified since the last request.
Handling: Use the cached version of the resource; no need to download it again.
HTTP/1.1 304 Not Modified
4xx Client Error
400 Bad Request
The server cannot process the request due to client error (e.g., malformed request syntax).
Handling: Review and correct the request parameters before retrying.
HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 45
{"error": "Invalid request parameters"}
401 Unauthorized
Authentication is required and has failed or has not yet been provided.
Handling:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="Access to the site"
Content-Type: application/json
Content-Length: 44
{"error": "Authentication credentials required"}
403 Forbidden
The request contained valid data and was understood by the server, but the server is refusing action.
Handling: Verify permissions; access
HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 40
{"error": "Access to this resource is forbidden"}
404 Not Found
The requested resource could not be found on the server.
Handling: Check the request URL for errors; the resource may not exist.
HTTP/1.1 404 Not Found
Content-Type: application/json
Content-Length: 36
{"error": "Resource not found"}
405 Method Not Allowed
The request method is known by the server but is not supported by the target resource.
Handling: Check the Allow header for supported methods and modify the request accordingly.
HTTP/1.1 405 Method Not Allowed
Allow: GET, POST
Content-Type: application/json
Content-Length: 44
{"error": "Method not allowed for this resource"}
409 Conflict
The request could not be completed due to a conflict with the current state of the resource.
Handling: Resolve the conflict and retry the request.
HTTP/1.1 409 Conflict
Content-Type: application/json
Content-Length: 47
{"error": "Conflict with the current state of resource"}
5xx Server Error
500 Internal Server Error
A generic error message indicating that the server encountered an unexpected condition.
Handling: Retry later; if the issue persists, contact server support.
HTTP/1.1 500 Internal Server Error
Content-Type: application/json
Content-Length: 44
{"error": "An unexpected error occurred"}
502 Bad Gateway
The server, while acting as a gateway or proxy, received an invalid response from the upstream server.
Handling: Retry after some time; if the issue persists, investigate upstream server status.
HTTP/1.1 502 Bad Gateway
Content-Type: application/json
Content-Length: 39
{"error": "Invalid response from upstream server"}
503 Service Unavailable
The server is currently unable to handle the request due to temporary overload or maintenance.
Handling: Retry after the time specified in the Retry-After header.
HTTP/1.1 503 Service Unavailable
Retry-After: 3600
Content-Type: application/json
Content-Length: 49
{"error": "Service unavailable; please try again later"}
504 Gateway Timeout
The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server.
Handling: Retry after some time; if the issue persists, investigate upstream server status.
HTTP/1.1 504 Gateway Timeout
Content-Type: application/json
Content-Length: 45
{"error": "Upstream server timed out"}