Here is a list of possible HTTP methods that can be use and their possible response codes.
| Method | Typical use | Safe | Idempotent | Success codes | Common error codes |
|---|---|---|---|---|---|
| GET | Read a resource / list | Yes | YES | 200 OK → return representation 206 Partial Content → Range requests 304 Not Modified → conditional GET/HEAD cache validation | 400 Bad Request → invalid query params 401 Unauthorized → not authenticated 403 Forbidden → authenticated but not allowed 404 Not Found → resource doesn’t exist 416 Range Not Satisfiable → invalid range |
| HEAD | GET metadata only (no body) | Yes | Yes | 200 OK → headers as-if GET 304 Not Modified → conditional HEAD | Same as GET (commonly 400/401/403/404) |
| POST | Create subordinate resource / submit command | No | No | 201 Created → new resource created (+ Location) 200 OK → action succeeded + response body 202 Accepted → async processing started 204 No Content → success, nothing to return | 400 Bad Request → invalid payload 401/403 auth failures 409 Conflict → violates current state (duplicate, etc.) 415 Unsupported Media Type → wrong Content-Type 422 Unprocessable Content → syntactically valid but semantically invalid 429 Too Many Requests → rate-limited (often with Retry-After) |
| PUT | Create/replace resource at known URI | No | Yes | 201 Created → created at target URI 200 OK → replaced + return representation 204 No Content → replaced, no body | 400 Bad Request 401/403 404 Not Found → target collection/parent missing (API choice) 412 Precondition Failed → If-Match / conditional failed 415/422 content type or semantic validation failures(optional) 428 Precondition Required → server requires conditional update |
| PATCH | Partial update (apply “patch document”) | No | No* | 200 OK → patched + return representation 204 No Content → patched, no body (common) | 400 malformed patch doc 415 unsupported patch format (+ Accept-Patch) 404 target missing (when patch can’t apply to null resource) 409 conflicting state 412 precondition failed when using If-Match422 unprocessable change |
| DELETE | Delete a resource | No | Yes | 200 OK → deleted + return body (optional) 204 No Content → deleted, no body 202 Accepted → async deletion | 401/403 404 not found 409 conflict (e.g., cannot delete due to state/constraints) |
| OPTIONS | Discover capabilities / CORS preflight | Yes | Yes | 200 OK → return capabilities in headers/body 204 No Content → headers only | 405 method not allowed (if OPTIONS disabled) |
| TRACE | Diagnostic loop-back (rare; often disabled) | Yes | Yes | 200 OK → returns received request (diagnostic) | 405 often blocked |
| CONNECT | Establish a tunnel (proxies; HTTPS via proxy) | NO | (no) | 2xx → tunnel established (commonly 200) | 407 proxy auth required (via Proxy-Authenticate) |
