What HTTP status code should you use? 401? 403? 404? [The Confused Developer]

Published: 28 February 2023
on channel: OktaDev

Most APIs follow RESTful conventions, which means that an API response must include information that tells the client what is going on and what the server expects the client to do next. Protected APIs can be different, though: there are also security considerations regarding the amount of information your server should provide. In those instances, should you use the status code 401 Unauthorized or 403 Forbidden? Or maybe something else?
In this video, you'll learn when to use each status code and what guidelines to follow to keep your API secure.

Read the accompanying blog post to this video, which includes an illustration that summarizes the content: https://auth0.com/blog/forbidden-unau...

---
00:00 Introduction
01:00 Determining an HTTP Status Code
02:36 When to Use 400 Bad Request
03:40 When to Use 401 Unauthorized
05:12 When to Use 403 Forbidden
06:19 Security Considerations & Response Details
08:26 Hiding Protected Resources
09:46 How to Deal with Bad Requests
11:13 Outro
