HTTP 400 Bad Request

What It Means

The HTTP 400 Bad Request status code indicates that the server cannot process the request due to something perceived as a client error. The request is malformed, invalid, or deceptive.

Common Causes

• Invalid JSON: Malformed JSON in request body
• Missing required fields: Required parameters not provided
• Invalid data types: String where number expected, etc.
• URL too long: Query string exceeds server limits
• Invalid characters: Unencoded special characters in URL
• Corrupt cookies: Malformed or expired cookies
• Invalid headers: Malformed or conflicting headers

Example Responses

Generic 400

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "error": "Bad Request",
  "message": "Invalid JSON in request body"
}

With validation details

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "error": "Validation Error",
  "details": [
    {"field": "email", "message": "Invalid email format"},
    {"field": "age", "message": "Must be a positive number"}
  ]
}

How to Debug

1. Check the request body: Validate JSON syntax
2. Verify Content-Type: Ensure header matches body format
3. Check required fields: Read API documentation
4. Inspect URL encoding: Encode special characters
5. Clear cookies: Try in incognito mode
6. Check server logs: Look for specific validation errors

Quick Fixes

# Validate JSON
echo '{"name": "test"}' | jq .

# Check URL encoding
curl -v "https://api.example.com/search?q=hello%20world"

# Test with minimal request
curl -X POST https://api.example.com/users \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]"}'

400 vs Other 4xx Errors

Best Practices for APIs

• Return specific error messages explaining what's wrong
• Include field-level validation errors when applicable
• Use consistent error response format across your API
• Log details server-side for debugging