Difficulty: hard · Application Q9 of 15
Rest API - HTTP Status Codes
In a REST API, a user presents a valid token confirming authentication. However, their role does not permit access to a specific resource. Which HTTP status code best represents this scenario and why?
A. 403 Forbidden - authenticated but not authorized
B. 401 Unauthorized - token invalid
C. 404 Not Found - resource hidden
D. 400 Bad Request - malformed request
Step-by-Step Solution
  1. Confirm authentication: the token is valid, so the user is authenticated.
  2. Determine authorization status: the user's role does not allow access, which is an authorization failure.
  3. Select the appropriate status code: 403 Forbidden is used when authentication succeeded but access is denied.
  4. Final Answer: 403 Forbidden - authenticated but not authorized -> Option A
  5. Quick Check: Authenticated but lacks permission? Return 403 [OK]
Quick Trick: Valid token but no access? Use 403 Forbidden [OK]
Common Mistakes:
  • Returning 401 Unauthorized despite valid token
  • Using 404 Not Found to hide resource instead of 403
  • Confusing 400 Bad Request with authorization errors
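The decision order in the solution (authenticate first, then authorize, then pick the status) is easy to get wrong in a real handler, so here is an added example, not part of the quiz page, showing it as code. The token table, role table and resource paths are constructed sample data; there is no real API behind them.

```python
# Added example (not from the quiz page): a minimal request handler that maps
# the quiz's cases to HTTP status codes. All tokens, roles and resource paths
# below are constructed sample data.

from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed sample data: bearer token -> (user, role)
VALID_TOKENS = {
    "tok-alice": ("alice", "admin"),
    "tok-bob": ("bob", "viewer"),
}

# Constructed sample data: resource -> minimum role required to read it
RESOURCE_ROLES = {
    "/reports/financial": "admin",
    "/reports/public": "viewer",
}

# Higher rank may access anything a lower rank may access.
ROLE_RANK = {"viewer": 1, "admin": 2}


@dataclass
class Response:
    status: int
    reason: str


def authenticate(token: Optional[str]) -> Optional[Tuple[str, str]]:
    """Return (user, role) for a valid token, or None if missing/invalid."""
    if not token:
        return None
    return VALID_TOKENS.get(token)


def handle_request(token: Optional[str], resource: str) -> Response:
    """Apply the quiz's three steps in order and return the matching status."""
    # Step 1: authentication. No proof of identity -> 401 (not 403).
    # A real API would also send a WWW-Authenticate header with the 401.
    principal = authenticate(token)
    if principal is None:
        return Response(401, "Unauthorized - missing or invalid token")

    _user, role = principal

    # Unknown resource -> 404. This is a genuine "does not exist", not a
    # way of hiding a resource the caller is not allowed to see.
    required = RESOURCE_ROLES.get(resource)
    if required is None:
        return Response(404, "Not Found")

    # Step 2 and 3: authenticated but role too low -> 403, never 401 or 404.
    if ROLE_RANK[role] < ROLE_RANK[required]:
        return Response(403, "Forbidden - authenticated but not authorized")

    return Response(200, "OK")


if __name__ == "__main__":
    # The quiz scenario: valid token, insufficient role.
    print(handle_request("tok-bob", "/reports/financial"))
```

Running the module prints the quiz scenario's result; the ordering matters because an invalid token must be answered before any role check, otherwise an unauthenticated caller could learn which resources exist from 403 versus 404 differences.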
