
Difference between HTTP response status codes 402 and 403

Friends and fellow users,

We have both 402 and 403 HTTP response codes, though 402 is reserved for future use.

What is (or would be) the difference between these two? Payment not received should be equal to not authorized, shouldn't it?

EDIT: I would like to know the answers from a "Why is 402 required when we already have 403" angle.

rest_day asked Aug 13 '09 08:08


People also ask

What is the 402 response code?

The HTTP 402 Payment Required is a nonstandard response status code that is reserved for future use. This status code was created to enable digital cash or (micro) payment systems and would indicate that the requested content is not available until the client makes a payment.

What is the difference between 401 and 403 response code?

401 Unauthorized is the status code to return when the client provides no credentials or invalid credentials. 403 Forbidden is the status code to return when a client has valid credentials but not enough privileges to perform an action on a resource.

What does the HTTP 403 response status code mean?

The HTTP 403 Forbidden response status code indicates that the server understands the request but refuses to authorize it.

What is the difference between the common status codes 403 and 404?

The three status codes that felt the most appropriate are: 401 - Unauthorized. 403 - Forbidden. 404 - Not Found.


2 Answers

The HTTP status code 402 is indeed different from 403:

As stated in RFC 2616, the status code 402 is

402 Payment Required

That means the request is not generally forbidden but requires payment. Apparently it is used by some services in the intended manner (see List of HTTP status codes).

I think it is currently not needed (or just not used because it is not specified how to use it), but the authors of the standard gave it some thought and put it in for future use, which could be useful.

kmindi answered Sep 29 '22 16:09


403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

Does this help?

Shoban answered Sep 29 '22 18:09
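The distinction drawn in the answers above, as an added example that is not part of either answer: a small WSGI app that returns 402 when payment would fix the refusal, 403 when nothing the client can do will help, and 404 when the server does not want to reveal that the resource exists. The resource table, the paid-user set, the `X-User` header and the helper names are all assumptions made for illustration.

```python
from http import HTTPStatus

# Constructed sample policy: who may read each path, and which paths are paid or hidden.
RESOURCES = {
    "/reports/q3":   {"allowed": {"alice"},        "paid_only": False, "hidden": False},
    "/premium/feed": {"allowed": {"alice", "bob"}, "paid_only": True,  "hidden": False},
    "/admin/keys":   {"allowed": {"root"},         "paid_only": False, "hidden": True},
}
PAID_USERS = {"alice"}  # constructed: accounts with an active payment

def decide(path, user):
    """Return (HTTPStatus, reason) for an already-authenticated user."""
    res = RESOURCES.get(path)
    if res is None:
        return HTTPStatus.NOT_FOUND, "no such resource"
    if user not in res["allowed"]:
        # 403: authorization will not help. For hidden paths answer exactly
        # like a missing resource so the refusal does not confirm existence.
        if res["hidden"]:
            return HTTPStatus.NOT_FOUND, "no such resource"
        return HTTPStatus.FORBIDDEN, "this account is not permitted to read the resource"
    if res["paid_only"] and user not in PAID_USERS:
        # 402: not forbidden in general, the client has a remedy (pay).
        return HTTPStatus.PAYMENT_REQUIRED, "payment is required before this content is served"
    return HTTPStatus.OK, "content"

def app(environ, start_response):
    """Minimal WSGI app; X-User is a hypothetical header set by upstream authentication."""
    status, reason = decide(environ.get("PATH_INFO", "/"), environ.get("HTTP_X_USER", ""))
    payload = reason.encode()
    start_response(f"{status.value} {status.phrase}",
                   [("Content-Type", "text/plain"), ("Content-Length", str(len(payload)))])
    # The reason goes in the entity, except for HEAD, which carries no body.
    return [] if environ.get("REQUEST_METHOD") == "HEAD" else [payload]

def call(method, path, user):
    """Drive the app in-process and return (status_line, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"] = status
    body = b"".join(app({"REQUEST_METHOD": method, "PATH_INFO": path, "HTTP_X_USER": user},
                        start_response))
    return seen["status"], body

if __name__ == "__main__":
    for user, path in [("alice", "/premium/feed"), ("bob", "/premium/feed"),
                       ("bob", "/reports/q3"), ("bob", "/admin/keys")]:
        print(user, path, call("GET", path, user))
```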