When working with web applications, you encounter HTTP status codes that tell you the outcome of HTTP requests. These codes are organized into five categories:
- Informational (100-199)
- Success (200-299)
- Redirection (300-399)
- Client Error (400-499)
- Server Error (500-599)
These codes are specified in RFC 9110, a comprehensive document detailing HTTP specifications. To save you from reading through all 200 pages, here’s a summary of the most common and important HTTP status codes.
Informational (100-199)
These codes indicate that the request was received and understood, and that the client should continue with the request or ignore the response if the request is already finished.
- 100 Continue: The server has received the request headers, and the client should proceed to send the request body.
- 101 Switching Protocols: The requester has asked the server to switch protocols, and the server is acknowledging that it will do so.
Success (200-299)
These codes mean that the request was successfully received, understood, and accepted.
- 200 OK: The request has succeeded. The information returned with the response depends on the method used in the request.
- 201 Created: The request has been fulfilled, resulting in the creation of a new resource.
- 204 No Content: The server successfully processed the request, but there is no content to send in the response.
Redirection (300-399)
These codes indicate that further action needs to be taken by the user agent to fulfill the request.
- 301 Moved Permanently: The requested resource has been permanently moved to a new URL.
- 302 Found: The requested resource resides temporarily under a different URL.
- 304 Not Modified: The resource has not been modified since the version specified by the request headers.
Client Error (400-499)
These codes are intended for cases in which the client seems to have erred.
- 400 Bad Request: The server could not understand the request due to invalid syntax.
- 401 Unauthorized: The client must authenticate itself to get the requested response.
- 403 Forbidden: The client does not have access rights to the content.
- 404 Not Found: The server cannot find the requested resource.
Server Error (500-599)
These codes indicate that the server is aware it has encountered an error or is otherwise incapable of performing the request.
- 500 Internal Server Error: The server has encountered a situation it doesn’t know how to handle.
- 502 Bad Gateway: The server, while acting as a gateway or proxy, received an invalid response from the upstream server.
- 503 Service Unavailable: The server is not ready to handle the request. Common causes are a server that is down for maintenance or that is overloaded.
Understanding HTTP Status Code 401: Unauthorized
HTTP status code 401 indicates that the request requires user authentication. The client must authenticate itself to get the requested response. This brings us to the concepts of authentication and authorization:
- Authentication: This process verifies the identity of a user. It ensures that the user is who they claim to be. For example, entering a username and password to log into a website.
- Authorization: This process determines what an authenticated user is allowed to do. It sets the permissions for a user. For example, even after logging in, a user may not have the rights to access the admin panel of a website.
HTTP status code 401 concerns authentication. When a server returns a 401 status code, it means the client has not yet provided valid credentials. In contrast, a 403 Forbidden status code indicates that the server understands the request but refuses to authorize it, pointing to an authorization issue.
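The 401/403 distinction described above, as an added example that is not part of the original article: a minimal request handler that first authenticates HTTP Basic credentials and then authorizes access to a path. The user table, passwords, realm name, `/admin` path and all function names are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: user -> (salt, password hash, roles).
USERS = {
    "alice": (b"salt-a", hash_password("alice-pw", b"salt-a"), {"admin"}),
    "bob": (b"salt-b", hash_password("bob-pw", b"salt-b"), {"user"}),
}
DUMMY = (b"salt-x", hash_password("unused", b"salt-x"), set())

def basic_header(user: str, password: str) -> dict:
    """Client side: build the Authorization header for HTTP Basic."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}

def authenticate(headers: dict):
    """Return the verified username, or None if credentials are missing or invalid."""
    scheme, _, payload = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(payload, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    # Unknown users are hashed against a dummy record so timing does not reveal valid names.
    salt, expected, _ = USERS.get(user, DUMMY)
    ok = hmac.compare_digest(hash_password(password, salt), expected)
    return user if ok and user in USERS else None

def handle(path: str, headers: dict):
    """Return (status, response_headers) for a request to `path`."""
    user = authenticate(headers)
    if user is None:
        # Authentication failed: 401 plus the WWW-Authenticate challenge RFC 9110 requires.
        return 401, {"WWW-Authenticate": 'Basic realm="example"'}
    if path.startswith("/admin") and "admin" not in USERS[user][2]:
        # Identity is verified but the permission is missing: 403, and no challenge.
        return 403, {}
    return 200, {}
```

Resending the same valid credentials never turns the 403 into a 200, while the 401 response tells the client how to authenticate and try again.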
Conclusion
HTTP status codes are crucial for understanding the responses from web servers to client requests. By knowing these codes, you can better diagnose and troubleshoot issues in web applications. Remember, 401 Unauthorized is specifically about authentication, ensuring that the user is verified before accessing certain resources.
Understanding these status codes will help you navigate web development more effectively, allowing you to build more robust and user-friendly applications.