My feeling is 409 Conflict is the most appropriate, however, seldom seen in the wild of course: The request could not be completed due to a conflict with the current state of the resource. This code is only allowed in situations where it is expected that the user might be able to resolve the conflict … Read more
For a PUT request: HTTP 200, HTTP 204 should imply “resource updated successfully”. HTTP 201 if the PUT request created a new resource. For a DELETE request: HTTP 200 or HTTP 204 should imply “resource deleted successfully”. HTTP 202 can also be returned by either operation and would imply that the instruction was accepted by … Read more
A clear explanation from Daniel Irvine [original link]: There’s a problem with 401 Unauthorized, the HTTP status code for authentication errors. And that’s just it: it’s for authentication, not authorization. Receiving a 401 response is the server telling you, “you aren’t authenticated–either not authenticated at all or authenticated incorrectly–but please reauthenticate and try again.” To … Read more