400

Bad Request

4xx Client Error

ELI5

Your request doesn't make sense or has mistakes in it. Check what you're sending and try again.

Server perspective

Use 400 when the request is malformed or framed in a way the server will not process.

When to use

  • Return 400 for malformed JSON, invalid framing, bad syntax, or deceptive routing
  • Use it when the request cannot be interpreted reliably before deeper business validation
  • Malformed JSON or XML in request body
  • Missing required parameters
  • Invalid parameter values or types
  • Request syntax errors
  • Violating API contract or schema

How to respond

  • Include a concise machine-readable error when the client can fix the input
  • Stop processing early instead of forcing malformed input deeper into application logic

Headers to consider

  • No status-specific header is required; still send normal HTTP metadata such as Content-Type, caching, or tracing headers when they help the client.

Response body

  • Optionally include a stable error code and a short explanation of what part of the request was invalid

Server-side pitfalls

  • Use 422 for well-formed requests that fail semantic or business-rule validation
  • Do not collapse authentication, authorization, and not-found cases into generic 400 responses
  • Authentication issues (use 401 Unauthorized)
  • Authorization issues (use 403 Forbidden)
  • Resource not found (use 404 Not Found)
  • Well-formed request with semantic or business-rule validation failure (use 422 Unprocessable Content)

Examples

Invalid JSON payload

Request:
POST https://api.example.test/api/users
# Body
{"name": "John"

Response:
400 Bad Request
# Headers
Content-Type: application/json
# Body
{ "error": "bad_request" }

Request body contains invalid JSON syntax

Malformed Content-Type framing

Request:
POST https://api.example.test/api/users
# Headers
Content-Type: application/json
# Body
name=John&email=john@example.test

Response:
400 Bad Request
# Headers
Content-Type: application/json
# Body
{ "error": "bad_request", "message": "Request body could not be read properly." }

The request declares Content-Type: application/json but sends a form-encoded body, so the server cannot parse it as the media type the client declared.
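The decision order described on this page, as an added example that is not part of the original page: syntax, shape, and required parameters fail early with 400, and only a well-formed request reaches the business rule that yields 422. The schema, the blocked-domain rule, the error codes other than "bad_request", and the function names are assumptions made for illustration.

```python
import json

REQUIRED = {"name": str, "email": str}      # hypothetical schema for POST /api/users
BLOCKED_DOMAINS = {"blocked.example.test"}  # constructed business rule


def error(status, code, message):
    """Stable machine-readable code plus a short message; never echoes raw input."""
    return status, {"error": code, "message": message}


def validate_create_user(body: bytes):
    """Return (status, payload). 400 = cannot interpret, 422 = understood but rejected."""
    # 1. Syntax: stop here if the bytes are not valid UTF-8 JSON.
    #    RecursionError covers pathologically deep nesting in json.loads.
    try:
        doc = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError, RecursionError):
        return error(400, "bad_request", "Request body is not valid JSON.")
    # 2. Shape: the contract expects a JSON object.
    if not isinstance(doc, dict):
        return error(400, "bad_request", "Request body must be a JSON object.")
    # 3. Required parameters and their types (names come from the schema, not the client).
    for field, expected in REQUIRED.items():
        if field not in doc:
            return error(400, "missing_parameter", f"Missing required parameter: {field}")
        if not isinstance(doc[field], expected):
            return error(400, "invalid_type", f"Parameter has wrong type: {field}")
    # 4. Business rule: well-formed, but semantically unacceptable -> 422.
    if doc["email"].rsplit("@", 1)[-1].lower() in BLOCKED_DOMAINS:
        return error(422, "signup_not_allowed", "Sign-ups from this domain are not accepted.")
    return 201, {"name": doc["name"], "email": doc["email"]}


# Constructed sample inputs; the first two are the request bodies from the examples above.
SAMPLES = [
    b'{"name": "John"',
    b"name=John&email=john@example.test",
    b'{"name": "John"}',
    b'{"name": "John", "email": 42}',
    b'{"name": "John", "email": "john@blocked.example.test"}',
    b'{"name": "Ann", "email": "ann@example.test"}',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(raw, "->", validate_create_user(raw))
```

Error messages are built from server-side constants only, so malformed client input is never reflected back in the response body.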
