API automation test cases should validate the HTTP status beyond 200. In this post I will explain what are the HTTP status and the scenarios in which it will be returned by the API.
HTTP Status 200
This is the default status returned by most API end points. Sometimes APIs also return 200 but return it with an error message. It is better to use a separate flag isSuccess which when it is true it will be assumed as success and if it fails it will be an indication for error in the API. Along with this flag have a message field which will have the error message when isSuccess = false.
HTTP Status 201
In most implementations create and update of objects are done in single endpoint. If the id of the object is 0 then it is assumed as creation of new record in the database. if the id of the object is greater than 0 then it will be assumed to be existing in the database and will be updated in the database. For this scenario the API mostly returns 200 as status code but the client cannot distinguish between the insert or update that happened in the API.
Hence we recommend the API to return 201 if it inserted the record into the database and 200 if it updated the record in the database. This will help the client application show appropriate messages to its users.
HTTP Status 202
In high volume transaction applications the data is not inserted into the database real-time. It is logged to a queue and then pulled from it from another application and inserted into the database after validation. In such scenarios the API should return 202 to indicate that the data has been handed over to another service to insert into the database. If logging into the queue is successful or writing to a file is successful then return 202 else 500 for the status.
HTTP Status 203
For high volume applications that get data from various system and return it, the data may not be the latest copy. In such cases it must be explicitly specified by the API with the response code 203 which stands for non-authoritative information.
HTTP Status 204
Next to 200 you will see this status in most of the API endpoints. This is returned for all preflight requests. This status code indicates that the response size is 0 bytes. This is usually sent to the APIs for preparing the endpoint for the actual call that will follow immediately. This will help the server to load the data into cache or do some other operations and be ready to serve the actual request.
Hope you find this post useful and you can guide your API developers to implement them and make it industry standards compliant.
Sinduja works as Director of Quality Assurance at Knowillence, responsible for ensuring software quality across diverse IT projects. She focuses on building robust testing processes, identifying risks early, and enabling reliable, scalable releases. With a keen eye for detail and a process-driven approach, she helps project teams deliver stable, high-quality solutions. Her work plays a key role in strengthening execution discipline and customer confidence.