HTTP Status Codes

HTTP status codes the server can generate in response to an HTTP POST or HTTP GET request:

• 200 OK: Successful request.
• 400 Bad Request: Invalid argument (invalid request payload).
• 403 Forbidden: Permission denied (e.g. invalid API key).
• 429 Resource Exhausted: Either out of resource quota or reaching rate limiting.
• 500 Internal Server Error: Internal server error (retry your request).
• 503 Service Unavailable: Unavailable.
• 504 Gateway Timeout: Deadline exceeded (retry your request).

Note: Clients that receive an unsuccessful HTTP response (that is, any HTTP status code other than 200 OK) must enter back-off mode.

Possible reasons for receiving HTTP status code 400 Bad Request:

• fullHashes.find: Invalid hash.
• threatListUpdates.fetch: Empty update request, or invalid list configuration, or list does not exist for the requested configuration.
• threatMatches.find: Threat entry type not set in threat info section of request.