Being a responsible RESTful API, the status codes sent in responses are matched as best as possible to the actual condition met. For example, when rate limiting 429 Too Many Requests is sent rather than twitters more esoteric (although funny) custom 420 Enhance Your Calm. The REST API Tutorial website has a fantastic reference for HTTP Status Codes. The following is a list of the most common status codes returned in responses:
| Status Code | Description |
|---|---|
| 200 OK | The request has succeeded. The information returned with the response is dependent on the method used in the request. For example: when a patch to an existing package has been processed. |
| 201 Created | The request has been fulfilled and resulted in a new resource being created. For example: when a new repository has been created. |
| 202 Accepted | The request has been accepted for processing, but the processing has not been completed. For example: when a package upload has been completed but not yet processed. |
| 401 Unauthorized | The request requires user authentication. For example: viewing a private repository requires authentication and authorisation (permission to view the repository). |
| 403 Forbidden | The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. For example: sending requests to places that you shouldn't be.  |
| 404 Not Found | The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. For example: requesting a repository that doesn't exist (or one that you don't have permission to see). |
| 422 Unprocessable Entity | The server understands the content type of the request entity, and the syntax of the request entity is correct but was unable to process the contained instructions. For example: sending a request that contains field validation errors (such as a missing field). |