200
OK
2xx Success
What Does HTTP 200 OK Mean?
HTTP 200 is the most common HTTP status code. It tells the client that its request was received, understood, and processed successfully. The meaning of "success" varies by HTTP method:
- GET — The requested resource has been fetched and is transmitted in the message body.
- POST — The result of the action is described or contained in the response body.
- PUT/PATCH — The resource was successfully updated and the current state may be in the body.
- DELETE — The resource was successfully deleted (though 204 No Content is often preferred).
- HEAD — The headers that would be returned for a GET are sent, but without a body.
A 200 response is always cacheable by default unless explicitly overridden by cache-control headers.
When Your Application Returns 200
While 200 means success at the HTTP level, watch out for these common pitfalls that can mislead developers:
- Soft errors hidden behind 200: Some APIs return
{"status": "error", "message": "Invalid token"}with a 200 status. This is an anti-pattern — always use proper HTTP status codes (401 for auth failures, 422 for validation errors). - Empty 200 responses: A 200 with no body on a GET request usually indicates a bug. Consider using 204 No Content if there is genuinely nothing to return.
- 200 on POST creates: When a POST creates a new resource, return 201 Created instead of 200 to follow HTTP semantics. Include the
Locationheader pointing to the new resource. - 200 on cached responses: If you are returning content from cache, 200 is correct for a full response. Use 304 Not Modified when the client already has the current version.
- Returning 200 for partial failures: In batch operations, if some items succeed and some fail, consider 207 Multi-Status (WebDAV) or include an error summary in the response body.
Code Examples
Curl Request/Response
$ curl -i https://api.example.com/users/42
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: max-age=3600
Content-Length: 127
{"id": 42, "name": "Jane Doe", "email": "jane@example.com"}
Express.js (Node.js)
app.get('/api/users/:id', async (req, res) => {
const user = await User.findById(req.params.id);
if (!user) {
return res.status(404).json({ error: 'User not found' });
}
res.status(200).json(user); // 200 is the default, but being explicit is fine
});
Python (Flask)
@app.route('/api/users/<int:user_id>')
def get_user(user_id):
user = User.query.get_or_404(user_id)
return jsonify(user.to_dict()), 200
Nginx Configuration
# Health check endpoint that always returns 200
location /health {
access_log off;
return 200 'OK';
add_header Content-Type text/plain;
}
Frequently Asked Questions
What does HTTP 200 OK mean?
HTTP 200 OK is the standard response for successful HTTP requests. It means the server received your request, understood it, and processed it without errors. For GET requests, the requested data is included in the response body. For POST requests, the result of the operation is returned.
Is HTTP 200 always a success?
At the HTTP protocol level, yes — 200 means the server handled the request successfully. However, some APIs use 200 for everything and put error details in the response body. This is considered bad practice. Always check the response body for application-level errors, especially when consuming third-party APIs.
What is the difference between 200 OK and 201 Created?
200 OK is a general-purpose success code, while 201 Created specifically indicates that a new resource was created as a result of the request. 201 is typically used after POST requests that create new records. The 201 response should include a
Location header with the URL of the newly created resource.