Difference between http response status code 402 and 403

3

10

Friends and fellow users,

We have both 402 and 403 HTTP response codes. Though, 402 is reserved for future use.

What is (or would be) the difference between these two? Payment not received should be equal to not authorized, shouldn't it?

EDIT: I would like to know the answers on a "Why 402 is required when we already have 403" angle.

Masorete answered 13/8, 2009 at 8:25 Comment(0)
C
6

403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

Does this help?

Chiliad answered 13/8, 2009 at 8:36 Comment(2)
Thanks Shoban, but I was looking at a "Why 402 is required when we already have 403" angle. - Masorete
Because 402 will mean (in the future) that the request MAY be repeated if the payment problem is somehow solved. - Chromophore
O
13

The HTTP status code 402 is indeed different from 403:

As it states in RFC 2616 the status code 402 is

402 Payment Required

That means the request is not generally forbidden but requires payment. Apparently it is used by some services in the intended manner (List of HTTP status codes).

I think it is currently not needed (or just not used because not specified how to use) but the authors of the standard did some thought and put it in for future use which could be useful.

Overmodest answered 25/9, 2012 at 12:54 Comment(1)
The second link is not correct, it should be http402.org, which redirects to this GitHub repo about Hamming Internet Payment Protocol. - Embrocation
D
2

Note that missing a payment is only one reason for your server to deny a request. You can get the "forbidden" status in other situations, such as invalid credentials, trying to access a "private resource", etc...

I believe 402 exists just to give more details about the reason to deny a request.

Drogheda answered 27/3, 2015 at 17:14 Comment(0)
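
An added example, not part of any answer above: a sketch of how a server could order its checks so that 403, 404 and 402 each carry the meaning discussed here, with a client that retries only after 402. The `Resource`, `Caller`, `decide` and `fetch_with_payment` names, the `hidden` flag, and treating 402 as retryable after payment (RFC 2616 only reserves the code) are assumptions for illustration; callers are assumed to be already authenticated.

```python
from dataclasses import dataclass


@dataclass
class Resource:
    acl: frozenset          # names allowed to read the resource
    hidden: bool = False    # True: do not reveal that the resource exists
    paid: bool = False      # True: reading needs a settled account


@dataclass
class Caller:
    name: str
    account_settled: bool = False


def decide(caller, resource):
    """Return (status, client_may_retry) for an authenticated GET."""
    if resource is None:
        return 404, False
    if caller.name not in resource.acl:
        # RFC 2616 10.4.4: 404 can be used instead of 403 when the server
        # does not wish to make the reason for the refusal available.
        return (404, False) if resource.hidden else (403, False)
    if resource.paid and not caller.account_settled:
        # Checked only after the ACL passes, so a caller who would be
        # refused anyway never learns that the resource is a paid one.
        return 402, True
    return 200, False


def fetch_with_payment(caller, resource, pay):
    """Client side: retry once after a 402, never after 403 or 404."""
    status, may_retry = decide(caller, resource)
    if status == 402 and may_retry and pay(caller):
        status, _ = decide(caller, resource)
    return status


if __name__ == "__main__":
    # Constructed sample data.
    report = Resource(acl=frozenset({"alice", "bob"}), paid=True)

    def settle(caller):
        caller.account_settled = True
        return True

    print(decide(Caller("bob"), report))
    print(fetch_with_payment(Caller("bob"), report, settle))
    print(fetch_with_payment(Caller("carol"), report, settle))
```
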
