HTTP Status Codes
Quick reference for all HTTP response status codes.
1xx Informational
Continue
The server has received the request headers and the client should proceed to send the request body.
Switching Protocols
The requester has asked the server to switch protocols and the server has agreed.
Processing
The server has received and is processing the request, but no response is available yet.
2xx Success
OK
The request was successful. Standard response for successful HTTP requests.
Created
The request has been fulfilled and a new resource has been created.
Accepted
The request has been accepted for processing, but processing is not complete.
No Content
The server successfully processed the request but is not returning any content.
Partial Content
The server is delivering only part of the resource due to a range header sent by the client.
3xx Redirection
Moved Permanently
The resource has been permanently moved to a new URL. Future requests should use the new URL.
Found
The resource resides temporarily under a different URL. Client should continue using the original URL.
Not Modified
The resource has not been modified since the last request. Used for caching.
Temporary Redirect
The request should be repeated with another URL, but future requests should use the original URL.
Permanent Redirect
The request and all future requests should be repeated using another URL. Method and body are preserved.
4xx Client Error
Bad Request
The server cannot process the request due to a client error (malformed syntax, invalid framing, etc.).
Unauthorized
Authentication is required and has failed or has not been provided.
Forbidden
The client does not have permission to access the requested resource.
Not Found
The requested resource could not be found on the server.
Method Not Allowed
The request method is not supported for the requested resource.
Request Timeout
The server timed out waiting for the request from the client.
Conflict
The request could not be completed due to a conflict with the current state of the resource.
Gone
The resource is no longer available and will not be available again.
Payload Too Large
The request entity is larger than the server is willing or able to process.
Unsupported Media Type
The request entity has a media type which the server does not support.
Unprocessable Entity
The request was well-formed but semantically erroneous. Common in API validation errors.
Too Many Requests
The user has sent too many requests in a given amount of time (rate limiting).
5xx Server Error
Internal Server Error
A generic error message when the server encounters an unexpected condition.
Not Implemented
The server does not recognize the request method or lacks the ability to fulfill the request.
Bad Gateway
The server received an invalid response from the upstream server while acting as a gateway.
Service Unavailable
The server is currently unable to handle the request due to overloading or maintenance.
Gateway Timeout
The server did not receive a timely response from the upstream server.
Understanding HTTP Status Codes
HTTP status codes are three-digit numbers returned by a server in response to a client request. They are grouped into five categories: 1xx (Informational) indicates the request was received and processing continues; 2xx (Success) confirms the request was successfully received, understood, and accepted; 3xx (Redirection) tells the client further action is needed to complete the request; 4xx (Client Error) signals that the request contains bad syntax or cannot be fulfilled; and 5xx (Server Error) means the server failed to fulfill a valid request.
In the context of REST APIs and webhook delivery, status codes are essential for communication between services. When a webhook provider sends a payload to your endpoint, the status code your server returns determines whether the delivery is considered successful or needs to be retried. Most webhook providers treat any 2xx response as a successful delivery and will retry on 4xx or 5xx errors using exponential backoff strategies.
Most Common Status Codes for Webhooks
200 OK
The webhook was received and processed successfully. This is the most common success response and tells the provider to mark the delivery as complete.
201 Created
The webhook triggered the creation of a new resource on your end. Functionally equivalent to 200 for most webhook providers.
401 Unauthorized
The webhook request failed authentication. This typically means the signature verification failed or the API key/token is missing or invalid. Check your webhook secret configuration.
404 Not Found
The webhook endpoint URL does not exist. Double-check the URL configured in the provider's settings. This often happens after endpoint paths change during deployments.
429 Too Many Requests
Your server is rate-limiting incoming webhooks. The provider should back off and retry later. If you see this frequently, consider increasing your rate limits or adding a queue.
500 Internal Server Error
Your webhook handler crashed or threw an unhandled exception. Providers will typically retry the delivery. Check your server logs to identify and fix the root cause.
502 Bad Gateway
A reverse proxy or load balancer in front of your server received an invalid response. Common when your application server is down or restarting during a deployment.
FAQ
What status code should my webhook endpoint return?
Return 200 or 202 to acknowledge receipt of the webhook. A 200 means you processed it immediately; a 202 means
you accepted it for later processing. Most providers will retry the delivery if they receive
a 4xx or 5xx response, so return a success code as quickly as possible and handle heavy processing
asynchronously.
What's the difference between 401 and 403?
A 401 Unauthorized means the request lacks valid
authentication credentials — the client has not proven who they are. A 403 Forbidden means the client is authenticated (the server
knows who they are) but does not have permission to access the requested resource. In webhook
terms, 401 usually means a bad or missing signature, while 403 means the webhook source is
recognized but not allowed.
Why am I getting 429 errors?
A 429 means the server is rate-limiting your requests because you have exceeded the
allowed number of requests in a given time window. To resolve this, implement
exponential backoff in your retry logic: wait 1 second after the first failure, then 2
seconds, 4 seconds, and so on. Also check the Retry-After header, which many servers include to tell you exactly how long to wait.
Related Tools
Monitor webhook HTTP responses?
HookWatch tracks every response code from your webhook endpoints and alerts on failures.
Get Started Free