What HTTP status code for unactivated account?

http httpresponse http-status-codes
Johnathan Au picture Johnathan Au · Mar 25, 2013 · Viewed 9.1k times · Source

Which HTTP status code should I respond with after authenticating the user and then finding out that they have not activated their account after registration?

Answer

BalusC picture BalusC · Mar 25, 2013

401 means that the user is unknown (not authenticated at all or authenticated incorrectly, e.g. the credentials are invalid).
403 means that the user is known but not authorized (i.e. doesn't have the proper role/group).

You could also interpret a registered but inactivated account as an user having a specific role like "INACTIVE" and/or lacking the proper role. 403 is more appropriate in your particular case.

Related questions

How do I use Fiddler to modify the status code in an HTTP response?

I need to test some client application code I've written to test its' handling of various status codes returned in an HTTP response from a web server. I have Fiddler 2 (Web Debugging Proxy) installed and I believe there's a way …

Read More
Difference between http response status code 402 and 403

Friends and fellow users, We have both 402 and 403 http response codes. Though, 402 is reserved for future use. What is (or would be) the difference between these two. Payment not received should be equal to not authorized, shouldn't it? EDIT:I …

Read More
Specify supported media types when sending "415 unsupported media type"

If a clients sends data in an unsupported media type to a HTTP server, the server answers with status "415 unsupported media type". But how to tell the client what media types are supported? Is there a standard or at least …

Read More