403 Forbidden vs 401 Unauthorized HTTP responses In summary, a 401 Unauthorized response should be used for missing or bad authentication, and a 403 Forbidden response should be used afterwards, when the user is authenticated but isn’t authorized to perform the requested operation on the given resource Another nice pictorial format of how http status codes should be used
When and why should i use 403 error code? - Stack Overflow The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it The word "authorize" sometimes trips people up, because it sounds like this status is specific to credentials
Difference between http response status code 402 and 403 The HTTP Statuscode 402 is indeed different from 403: As it states in RFC 2616 the status code 402 is 402 Payment Required That means the request is not generally forbidden but requires payment Apparently it is used by some services in the intended manner List of HTTP status codes I think it is currently not needed (or just not used because not specified how to use) but the authors of the