HTTP Methods and Status Codes for Testers
When testing APIs, you send HTTP requests and check HTTP responses. Knowing what each method and status code means helps you design test cases and interpret results. This post is a concise reference for testers.
HTTP methods
- GET: Read a resource. No body; parameters in URL. Should be safe and idempotent.
- POST: Create a resource (or trigger an action). Body usually JSON or form data.
- PUT: Replace a resource (full update). Body contains full representation.
- PATCH: Partial update. Body contains only changed fields.
- DELETE: Remove a resource. No body. Idempotent.
Test each method with valid and invalid data; verify the API returns the expected status and body.
Status codes (2xx success)
- 200 OK: Request succeeded; body contains representation (e.g. GET, PUT, PATCH).
- 201 Created: Resource created; body often contains new resource; Location header may point to it.
- 204 No Content: Success but no body (e.g. DELETE).
Status codes (4xx client error)
- 400 Bad Request: Invalid input or malformed request.
- 401 Unauthorized: Not authenticated (e.g. missing or invalid token).
- 403 Forbidden: Authenticated but not allowed to perform this action.
- 404 Not Found: Resource or URL does not exist.
- 409 Conflict: Conflict with current state (e.g. duplicate, version conflict).
Status codes (5xx server error)
- 500 Internal Server Error: Server-side failure; retry may or may not help.
- 502 Bad Gateway / 503 Service Unavailable: A gateway or the service itself is unavailable (e.g. upstream down, overloaded).
Design tests that expect the correct status for each scenario (valid, invalid, unauthorized, not found, etc.).
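An added example (not from the original post) of the status-driven test design described above: a table of scenarios run against a constructed in-process stub API. The tokens, roles, `/items` paths and the `Api`, `call` and `run_matrix` names are assumptions for illustration.

```python
import http.client, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in API (hypothetical): sample tokens, roles and /items paths.
TOKENS = {"admin-token": "admin", "reader-token": "reader"}

class Api(BaseHTTPRequestHandler):
    def log_message(self, *args): pass  # silence per-request logging
    def reply(self, status):  # status-only responses; bodies omitted in this stub
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def handle_any(self):
        role = TOKENS.get(self.headers.get("Authorization", "").partition("Bearer ")[2])
        item_id = self.path.rsplit("/", 1)[-1]
        if role is None:  # authentication is checked first
            return self.reply(401)
        if self.command == "DELETE" and role != "admin":  # then authorization
            return self.reply(403)
        if item_id not in self.items:
            return self.reply(404)
        if self.command == "DELETE":
            del self.items[item_id]
            return self.reply(204)
        return self.reply(200)
    do_GET = do_DELETE = handle_any

def call(port, method, path, token=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, headers={"Authorization": "Bearer " + token} if token else {})
    status = conn.getresponse().status  # http.client does not raise on 4xx/5xx
    conn.close()
    return status

CASES = [  # (method, path, token, expected status)
    ("GET", "/items/1", None, 401),               # no token
    ("GET", "/items/1", "reader-token", 200),     # valid read
    ("DELETE", "/items/1", "reader-token", 403),  # authenticated, not allowed
    ("DELETE", "/items/1", "admin-token", 204),   # allowed, no body
    ("DELETE", "/items/1", "admin-token", 404),   # repeat: already gone
]

def run_matrix():
    Api.items = {"1": {"name": "widget"}}  # fresh constructed state per run
    with HTTPServer(("127.0.0.1", 0), Api) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        results = [(case, call(server.server_port, *case[:3])) for case in CASES]
        server.shutdown()
    return results
```

The stub checks authentication before authorization and authorization before existence, so a caller without delete rights gets 403 whether or not the item exists. The repeated DELETE returns 404 while leaving server state unchanged.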
Summary
- GET = read; POST = create; PUT/PATCH = update; DELETE = remove. Test each with valid and invalid cases.
- 2xx = success; 4xx = client error; 5xx = server error. Use status codes to drive test expectations and assertions.