Les codes de statut HTTP sont des nombres à trois chiffres renvoyés par un serveur. Comprendre ces codes est essentiel pour déboguer les API et résoudre les problèmes réseau. Ce guide complet des codes HTTP couvre tous les codes que vous rencontrerez.
Consultez n'importe quel code HTTP avec notre outil →
1xx — Informationnel
Ces codes indiquent que le serveur a reçu la requête et continue de la traiter.
| Code | Name | Description |
|---|---|---|
100 | Continue | The server has received the request headers. The client should proceed to send the body. Used with Expect: 100-continue header. |
101 | Switching Protocols | The server is switching protocols as requested by the client (e.g., upgrading to WebSocket). |
102 | Processing | The server is processing the request but has not completed it yet (WebDAV). |
103 | Early Hints | Used to return some response headers before the final response. Allows preloading resources with Link headers. |
2xx — Succès
La catégorie la plus courante. Ces codes indiquent que la requête a été traitée avec succès.
| Code | Name | Description |
|---|---|---|
200 | OK | The standard success response. Meaning depends on the method: GET returns the resource, POST returns the result of the action. |
201 | Created | A new resource was successfully created. Should include a Location header with the URL of the new resource. |
202 | Accepted | The request has been accepted for processing, but processing is not yet complete. Great for async operations. |
204 | No Content | Success, but there is no content to return. Common for DELETE operations and PUT updates. |
206 | Partial Content | The server is delivering only part of the resource due to a Range header. Used for resumable downloads and video streaming. |
3xx — Redirection
Ces codes indiquent que le client doit effectuer une action supplémentaire.
| Code | Name | Description |
|---|---|---|
301 | Moved Permanently | The resource has permanently moved to a new URL. Search engines transfer ranking to the new URL. Use for permanent URL changes. |
302 | Found | Temporary redirect. The original URL should still be used for future requests. Search engines keep indexing the original. |
303 | See Other | The response to the request can be found at another URL using GET. Often used after POST to redirect to a result page. |
304 | Not Modified | The resource hasn't changed since the last request. The client should use its cached version. Saves bandwidth. |
307 | Temporary Redirect | Like 302, but guarantees the HTTP method won't change. A POST stays a POST after redirect. |
308 | Permanent Redirect | Like 301, but guarantees the HTTP method won't change. Preferred over 301 for API redirects. |
4xx — Erreurs client
Ces codes indiquent un problème du côté du client.
| Code | Name | Description |
|---|---|---|
400 | Bad Request | The server cannot process the request due to malformed syntax, invalid parameters, or missing required fields. |
401 | Unauthorized | Authentication is required. The request lacks valid credentials (token, API key, or session). |
403 | Forbidden | The server understood the request but refuses to authorize it. The user is authenticated but lacks permission. |
404 | Not Found | The requested resource could not be found. Check the URL for typos or verify the resource exists. |
405 | Method Not Allowed | The HTTP method (GET, POST, etc.) is not supported for this resource. Check allowed methods in the Allow header. |
408 | Request Timeout | The server timed out waiting for the request. The client can retry. |
409 | Conflict | The request conflicts with the current state of the resource. Common with duplicate entries or version conflicts. |
410 | Gone | The resource is permanently gone and will not be available again. Unlike 404, this is intentional and permanent. |
413 | Payload Too Large | The request body exceeds the server's size limit. Common with file uploads. |
415 | Unsupported Media Type | The server doesn't support the request's Content-Type. Ensure you're sending the correct format (JSON, form-data, etc.). |
418 | I'm a Teapot | An April Fools' joke from RFC 2324. The server refuses to brew coffee because it is, permanently, a teapot. |
422 | Unprocessable Entity | The request is well-formed but contains semantic errors. Common for validation failures in APIs. |
429 | Too Many Requests | Rate limit exceeded. Check the Retry-After header for when to retry. |
451 | Unavailable For Legal Reasons | The resource is blocked due to legal reasons (censorship, GDPR, court order). Named after Fahrenheit 451. |
5xx — Erreurs serveur
Ces codes indiquent que le serveur n'a pas pu traiter la requête.
| Code | Name | Description |
|---|---|---|
500 | Internal Server Error | A generic server error. Check server logs for the actual error. Never expose stack traces to clients in production. |
501 | Not Implemented | The server does not support the functionality required to fulfill the request (e.g., an unimplemented API endpoint). |
502 | Bad Gateway | The server, acting as a gateway/proxy, received an invalid response from the upstream server. Check if your backend is running. |
503 | Service Unavailable | The server is temporarily unable to handle the request (overloaded or down for maintenance). Should include Retry-After header. |
504 | Gateway Timeout | The gateway/proxy did not receive a timely response from the upstream server. Common with slow database queries or external API calls. |
Bonnes pratiques pour les codes API
Choisir le bon code rend votre API plus intuitive.
// REST API Status Code Guidelines
// Creating a resource
POST /api/users → 201 Created (with Location header)
// Successful read
GET /api/users/123 → 200 OK
// Successful update
PUT /api/users/123 → 200 OK (with updated resource)
PATCH /api/users/123 → 200 OK
// Successful delete
DELETE /api/users/123 → 204 No Content
// Validation error
POST /api/users (invalid data) → 422 Unprocessable Entity
{
"error": "Validation failed",
"details": [
{ "field": "email", "message": "Invalid email format" }
]
}
// Authentication required
GET /api/admin → 401 Unauthorized
{ "error": "Authentication required" }
// No permission
GET /api/admin (as regular user) → 403 Forbidden
{ "error": "Insufficient permissions" }
// Resource not found
GET /api/users/999 → 404 Not Found
{ "error": "User not found" }
// Rate limit exceeded
GET /api/search → 429 Too Many Requests
Retry-After: 60
{ "error": "Rate limit exceeded", "retry_after": 60 }Scénarios de débogage courants
Les codes HTTP sont votre premier indice lors du débogage.
CORS Errors (Browser shows "blocked by CORS")
The browser blocks the request, but the actual HTTP status may be hidden. Check server logs. Ensure your server sends the correct Access-Control-Allow-Origin, Access-Control-Allow-Methods, and Access-Control-Allow-Headers headers.
502 Bad Gateway on Deployment
Your reverse proxy (Nginx, Cloudflare) can't reach your application server. Check: Is the app process running? Is it listening on the correct port? Are there firewall rules blocking the connection?
# Check if your app is running
ps aux | grep node
# Check if it's listening on the expected port
netstat -tlnp | grep 3000
# Check Nginx error logs
tail -f /var/log/nginx/error.log504 Gateway Timeout
The upstream server is too slow. Common causes: slow database queries, external API timeouts, or large file processing. Solutions: optimize queries, add timeouts to external calls, use background jobs for heavy tasks.
429 Rate Limiting
// Implementing exponential backoff in JavaScript
async function fetchWithRetry(url, maxRetries = 3) {
for (let i = 0; i < maxRetries; i++) {
const response = await fetch(url);
if (response.status !== 429) return response;
const retryAfter = response.headers.get('Retry-After');
const delay = retryAfter
? parseInt(retryAfter) * 1000
: Math.pow(2, i) * 1000; // 1s, 2s, 4s
await new Promise(r => setTimeout(r, delay));
}
throw new Error('Max retries exceeded');
}Questions fréquentes
Quelle différence entre 401 et 403 ?
401 = authentification manquante. 403 = authentifié mais pas autorisé.
Quand utiliser 200 vs 201 ?
200 pour les requêtes réussies, 201 quand une nouvelle ressource est créée.
Que signifie 418 I'm a Teapot ?
Un poisson d'avril de 1998 (RFC 2324). Le serveur refuse de faire du café car c'est une théière.
Différence entre 301 et 302 pour le SEO ?
301 = redirection permanente (transfère le SEO). 302 = temporaire (garde l'URL originale).
Comment gérer le 429 ?
Vérifiez l'en-tête Retry-After et implémentez un backoff exponentiel.
Comprendre les codes HTTP est fondamental. Utilisez notre outil pour chercher rapidement tout code.