Which HTTP status codes are commonly used to indicate success and error in CDX APIs, and what do they mean?

• A. 100 Continue; 204 No Content; 418 I'm a teapot; 999 Unknown
• B. 301 Moved Permanently; 302 Found; 403 Forbidden; 500 Internal Server Error
• C. 200 OK; 201 Created; 204 No Content for success; 400 Bad Request; 401 Unauthorized; 403 Forbidden; 404 Not Found; 429 Too Many Requests; 500+ for server errors.
• D. 206 Partial Content; 507 Insufficient Storage; 511 Network Authentication Required; 421 Misdirected Request

Answer: (C)

HTTP status codes tell you the outcome of an API call. For CDX APIs, you want a clear signal when things go right and when they go wrong. On the success side, 200 OK means the request succeeded and you have content to read; 201 Created signals that a new resource was created; and 204 No Content indicates the request worked but there’s no body to return. On the error side, 400 Bad Request points to a malformed or missing input; 401 Unauthorized means authentication is needed or failed; 403 Forbidden shows you aren’t allowed to access the resource; 404 Not Found means the resource doesn’t exist; and 429 Too Many Requests signals rate limiting. For server problems, 500 Internal Server Error and other 5xx codes indicate issues on the server side. This mix is widely used and gives a practical, informative view of what happened with an API call.

Other options include codes that aren’t primarily about success or common client/server error signals, like redirects (301/302), which tell clients to try a different URL rather than describing the outcome of the current API call. A playful or nonstandard code (like a teapot) isn’t part of regular API signaling, and codes that describe unusual situations (such as 206 Partial Content or 511 Network Authentication Required or 507 Insufficient Storage) are not typically used as the standard set for indicating success or common errors in CDX APIs.