4xx Client Errors — Bad Requests and Client Mistakes

DodaTech Updated 2026-06-28 1 min read

In this tutorial, you will learn about 4xx client errors. We cover key concepts, practical examples, and best practices to help you master this topic.

4xx status codes indicate the client made an error: malformed request, missing authentication, insufficient permissions, nonexistent resources, or invalid data.

Code Reference

  - 400 Bad Request: Malformed JSON, missing Content-Type, invalid parameter format.
  - 401 Unauthorized: Missing or invalid auth token.
  - 403 Forbidden: Authenticated but no permission.
  - 404 Not Found: Resource does not exist at that URL.
  - 405 Method Not Allowed: HTTP method not supported.
  - 409 Conflict: Resource state conflict (duplicate, stale version).
  - 410 Gone: Resource permanently deleted.
  - 422 Unprocessable Entity: Valid syntax but invalid semantics.
  - 429 Too Many Requests: Rate limit exceeded.

Examples

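const express = require("express");
const app = express();

// Stand-in lookup so the route runs on its own; a real app would query its data store.
const users = new Map([["1", { id: "1", name: "Example User" }]]);
const findUser = (id) => users.get(id);

app.get("/api/users/:id", (req, res) => {
  const user = findUser(req.params.id);
  if (!user) {
    // Consistent error body: numeric status, machine-readable code, human-readable message.
    return res.status(404).json({
      status: 404,
      error: "not_found",
      message: "User not found",
      // Express does not set req.id itself; request-ID middleware is assumed to populate it.
      requestId: req.id
    });
  }
  res.json(user);
});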

Common Mistakes

  1. Returning 403 for missing auth — Use 401 for missing/invalid auth, 403 for insufficient permissions.
  2. Returning 500 for validation errors — Validation errors are 422, not 500.
  3. Not distinguishing 400 vs 422 — 400 for syntax errors, 422 for semantic errors.
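
The three distinctions above, applied in order to a single update request. This is an added example, not part of the original tutorial: `pickStatus`, the token table and the user record are constructed for illustration, and it runs without a web framework.

```javascript
// Constructed data: two API tokens and one stored user.
const TOKENS = new Map([
  ["tok-alice", { user: "alice", role: "admin" }],
  ["tok-bob", { user: "bob", role: "viewer" }],
]);
const USERS = new Map([["1", { id: "1", email: "a@example.test", version: 3 }]]);

// Decide the response status for an update to /api/users/:id.
function pickStatus({ token, id, rawBody }) {
  // 401: no token, or a token that maps to no identity.
  // This check runs first, so an anonymous caller gets 401 whether or not the id exists.
  const caller = token ? TOKENS.get(token) : undefined;
  if (!caller) return { status: 401, error: "unauthorized" };

  // 403: the caller is identified, but the role may not modify users.
  if (caller.role !== "admin") return { status: 403, error: "forbidden" };

  // 404: nothing exists at that URL.
  const user = USERS.get(id);
  if (!user) return { status: 404, error: "not_found" };

  // 400: syntax error, the body cannot be parsed as JSON at all.
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return { status: 400, error: "bad_request" };
  }

  // 422: the JSON parsed, but its values are semantically invalid.
  const email = body?.email;
  if (typeof email !== "string" || !/^[^@\s]+@[^@\s]+$/.test(email)) {
    return { status: 422, error: "unprocessable_entity" };
  }

  // 409: the client is updating a stale version of the resource.
  if (body.version !== user.version) return { status: 409, error: "conflict" };

  return { status: 200, error: null };
}

// One constructed request that parses as JSON but fails validation.
const demo = { token: "tok-alice", id: "1", rawBody: '{"email":"not-an-email"}' };
console.log(pickStatus(demo)); // validation failure is reported as 422, never 500
```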

Practice Questions

  1. What is the difference between 401 and 403?
  2. When do you use 422 instead of 400?
  3. What does 409 Conflict indicate?

What's Next

In the next lesson, you will learn 5xx server error codes.
