How to Fix HTTP 400 Bad Request Error
In this tutorial, you'll learn about How to Fix HTTP 400 Bad Request Error. We cover key concepts, practical examples, and best practices to help you understand and apply this topic effectively.
The Problem
Your API client receives:
HTTP/1.1 400 Bad Request
Or:
400 Bad Request: The server could not understand the request due to invalid syntax.
The server cannot Process the request because the client sent a malformed or invalid request.
Quick Fix
1. Check the request body syntax
A malformed JSON body is the most common cause:
// Wrong — invalid JSON (trailing comma)
fetch('/api/users', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ name: 'John', email: 'john@example.com', })
})
// Right — valid JSON
fetch('/api/users', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ name: 'John', email: 'john@example.com' })
})
2. Validate URL encoding
Special characters in URLs must be percent-encoded:
# Wrong — unencoded spaces and special chars
GET /api/search?q=hello world&filter=name:John
# Right — percent-encoded
GET /api/search?q=hello%20world&filter=name%3AJohn
In JavaScript:
const params = new URLSearchParams({
q: 'hello world',
filter: 'name:John'
})
fetch(`/api/search?${params}`)
3. Check request headers
A request header that is too large or malformed triggers 400:
// Wrong — oversized cookie or custom header
fetch('/api/data', {
headers: { 'X-Custom-Token': 'a'.repeat(100000) } // too large
})
// Right — keep headers under 8KB
fetch('/api/data', {
headers: { 'X-Custom-Token': 'valid-token' }
})
4. Check Content-Type header
The Content-Type must match the body format:
// Wrong — JSON body but wrong content type
fetch('/api/users', {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: JSON.stringify({ name: 'John' })
})
// Right
fetch('/api/users', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ name: 'John' })
})
5. Debug with curl
Test the request directly to isolate the issue:
# Test with verbose output
curl -v -X POST https://api.example.com/users \
-H "Content-Type: application/json" \
-d '{"name":"John","email":"john@example.com"}'
Prevention
- Always use JSON validators or linters in development.
- Use
URLSearchParamsorencodeURIComponentfor query parameters. - Keep request headers under 8KB total.
- Validate Content-Type on both client and server.
- Log the full request body and headers on 400 errors for debugging.
Common Mistakes with 400 bad request
- Using
headandtailinstead of pattern matching, causing runtime errors on empty lists - Forgetting that lazy evaluation defers computation until the value is forced, causing space leaks with unevaluated thunks
- Using
returnto exit a function early instead of wrapping a pure value in the monad
These mistakes appear frequently in real-world API code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.
Practice Exercise
Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.
This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.
FAQ
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro