| Response code | Description |
|---|
| 200 OK | Everything worked as expected. Generic, happy response code, if none of the other 2XX are better suited |
| 201 Created | Returned if we create a new resource |
| 202 Accepted | Acknowledgement of the request but will be processed asynchronously (so the handling could still fail) |
| 204 No Content | A successful request with no body - maybe used in the case of deleting a resource |
| Response code | Description |
|---|
| 400 Bad Request | Generic client error, if none of the below are more suitable |
| 401 Unauthorized | Literally missing auth token, or token is expired or revoked |
| 403 Forbidden | Insufficient roles - typical if a user doesn't have permission to perform a requested action |
| 404 Not Found | The entity doesn't exist, for all intensive purposes (or the authenticated user has no access to it) |
| 405 Method Not Allowed | Incorrect or unsupported HTTP method used for an endpoint |
| 422 Unprocessable Entity | Request validation error. More details should be provided in the body |
5XX Server error - hopefully these are rare!
