Subscribe to PHP Freaks RSS

400 Bad Request

syndicated from planet-php.net on November 13, 2018

400 Bad Request is the first error code. Every status that starts with a 4 indicates that the client did something wrong. If the status starts with a 5 it means that the server did something wrong.



400 Bad Request is used as a generic error code. It’s a useful default error code if there’s no specific error code that’s a better fit.



There’s often a lot of discussion about which 4xx code is the most appropriate for any different situations. This might be because there’s many, and it’s not always super clear what the distinctions between them are.



The most important thing to remember when selecting the appropriate code is: “can a generic client do something with this response?”. If the answer is no, it might not matter as much which error code is returned.



For example, when a client sees a 401 it might know to show a login window. When a client sees a 403, it might know to tell the end-user that the reason their operation failed, was because of permissions-related issues.



Those are good reasons to show an error code, but those reasons don’t always exists. For those cases it’s fine to just use the generic status code 400.



Response bodies



When returning any error, you should also return a response body with more information about the failure. If your client is a browser, this might be user-friendly html page. If your client is some kind of JSON-based client, it might be good idea to use the standard application/problem+json response code.



Example



HTTP/1.1 400 Bad Request
Content-Type: application/problem+json

{ "type": "https://example.org/impolite", "title": "Request was not polite enough", "detail": "HTTP requests must be made using a 'Please' HTTP header. }


References