# 400 Bad Request

> https://http-status.org/docs/400

**Family:** 4xx Client Error

## Rationale

Client sent invalid syntax or cannot be processed as-is.

## In Plain Terms

Your request doesn't make sense or has mistakes in it. Check what you're sending and try again.

## Description

The HTTP 400 Bad Request status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

## Server Perspective

### Usage
- Return 400 for malformed JSON, invalid framing, bad syntax, or deceptive routing
- Use it when the request cannot be interpreted reliably before deeper business validation
- Malformed JSON or XML in request body
- Missing required parameters
- Invalid parameter values or types
- Request syntax errors
- Violating API contract or schema

### Implementation
- Include a concise machine-readable error when the client can fix the input
- Stop processing early instead of forcing malformed input deeper into application logic

### Common Headers
- No status-specific header is required; still send normal HTTP metadata such as Content-Type, caching, or tracing headers when they help the client.

### Body
- Optionally include a stable error code and a short explanation of what part of the request was invalid

### Pitfalls
- Use 422 for well-formed requests that fail semantic or business-rule validation
- Do not collapse authentication, authorization, and not-found cases into generic 400 responses
- Authentication issues (use 401 Unauthorized)
- Authorization issues (use 403 Forbidden)
- Resource not found (use 404 Not Found)
- Well-formed request with semantic or business-rule validation failure (use 422 Unprocessable Content)

## Client Perspective

### Pitfalls
- Do not treat 400 like a generic validation or permission error without checking the response body

## Examples

### Invalid JSON payload

Request body contains invalid JSON syntax

**Request:**
```
POST https://api.example.test/api/users

{"name": "John"
```

**Response:**
```
400 Bad Request
Content-Type: application/json

{
  "error": "bad_request"
}
```

### Malformed Content-Type framing

The request declares JSON but sends a body that mixes encoding conventions the server cannot parse as valid HTTP content.

**Request:**
```
POST https://api.example.test/api/users
Content-Type: application/json

name=John&email=john@example.test
```

**Response:**
```
400 Bad Request
Content-Type: application/json

{
  "error": "bad_request",
  "message": "Request body could not be read properly."
}
```

## Related Codes

- [422 Unprocessable Content](/docs/422.md)