HTTP 400 Bad Request — What It Means & How to Debug
HTTP 400 Bad Request means the server cannot process the request due to malformed syntax, invalid parameters, or incorrect request structure from the client.
What It Means
The HTTP 400 Bad Request status code indicates the server could not understand or process the request because of client-side issues. Unlike a 404 Not Found (resource doesn’t exist) or a 500 Internal Server Error (server malfunction), a 400 means the server received something it couldn’t make sense of — malformed JSON, missing required fields, invalid data types, or incorrect request formatting.
The response body typically includes an error message or validation details explaining what went wrong, helping the client fix the request and resubmit.
When It’s Sent
- Malformed JSON or XML in the request body
- Missing required fields in a POST/PUT request
- Invalid data types — sending a string where a number is expected
- Validation failures — email format is wrong, password is too short
- Oversized payloads — request body exceeds the server’s size limit
Real Example
curl -X POST https://api.example.com/users \
-H "Content-Type: application/json" \
-d '{"name": "Alice", "email": "not-an-email"}'
Expected response:
< HTTP/1.1 400 Bad Request
< Content-Type: application/json
<
{"error":"Validation failed","details":{"email":"Must be a valid email address"}}
The server rejected the request because the email format was invalid and returned a descriptive error.
How to Debug
Browser DevTools
- Open the Network tab
- Trigger the action that causes the error
- Find the request with status 400 (shown in red)
- Click it and go to the Preview or Response tab to read the error message
- Check the Payload tab to see exactly what data was sent
curl
curl -v -X POST https://api.example.com/users \
-H "Content-Type: application/json" \
-d '{"name":"Test"}'
The response body usually contains the validation error. Add -v to see the full request and response headers.
Postman
The status badge shows 400 Bad Request in red. The Body tab displays the error response. Use the Body tab in the request section to verify the data being sent.
How to Fix
- Validate JSON syntax — use a JSON validator (like jq . or jsonlint.com) before sending
- Check required fields — compare your payload against the API documentation
- Verify data types — ensure numbers are numbers, strings are strings, booleans are true/false
- Check Content-Type header — must match the request body format (usually application/json)
- Limit payload size — stay under the server’s max body size (typically 1MB–10MB)
- URL-encode query parameters — special characters in query strings must be percent-encoded
Common Causes
| Scenario | What Happens | Why It Matters |
|---|---|---|
| Invalid JSON | Body has trailing comma, missing quote, or syntax error | Server can’t parse the request at all |
| Missing required field | POST body omits a mandatory field | Server rejects the incomplete data |
| Wrong data type | Sending "age":"twenty" instead of "age":20 | Server’s type check fails |
| Oversized payload | Uploading a 50MB file to a 10MB limit endpoint | Server cuts off the request |
| Invalid query params | Using ?date=invalid-format | Server can’t parse the parameter value |
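The causes in the table above, seen from the server side. This is an added example, not code from this page or from any particular API: a hypothetical handler check for the POST /users request used earlier, returning the same error shape as the sample response. The names `validate_create_user`, `bad_request` and `MAX_BODY_BYTES`, the 1 MB limit and the optional `age` field (borrowed from the table) are assumptions.

```python
import json
import re

MAX_BODY_BYTES = 1_048_576  # assumed 1 MB limit, the low end of the range quoted above
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # deliberately simple format check


def bad_request(error, details=None):
    """Build a 400 response that names the problem without echoing raw input."""
    body = {"error": error}
    if details:
        body["details"] = details
    return 400, body


def validate_create_user(content_type, raw_body):
    """Return (status, body) for a POST /users request (hypothetical handler)."""
    # Cheap checks first: size and media type are tested before any parsing.
    if len(raw_body) > MAX_BODY_BYTES:
        return bad_request("Request body too large")
    if content_type.split(";")[0].strip().lower() != "application/json":
        return bad_request("Content-Type must be application/json")
    try:
        data = json.loads(raw_body.decode("utf-8"))
    except (ValueError, RecursionError):
        # Trailing commas, missing quotes and bad encodings raise ValueError;
        # extremely deep nesting raises RecursionError. Neither reaches the client.
        return bad_request("Malformed JSON")
    if not isinstance(data, dict):
        return bad_request("Request body must be a JSON object")

    details = {}
    name = data.get("name")
    if not isinstance(name, str) or not name.strip():
        details["name"] = "Required, must be a non-empty string"
    email = data.get("email")
    if not isinstance(email, str) or not EMAIL_RE.match(email):
        details["email"] = "Must be a valid email address"
    if "age" in data:
        age = data["age"]
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(age, bool) or not isinstance(age, int):
            details["age"] = "Must be an integer"
    if details:
        return bad_request("Validation failed", details)
    return 201, {"name": name.strip(), "email": email}
```

All field errors are collected into one response so the client can fix them in a single round trip, and parser exceptions are mapped to a fixed message rather than returned verbatim.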
Related Codes
- HTTP 200 OK — what you get after fixing the request
- HTTP 401 Unauthorized — another client-side error, but for missing auth
- HTTP 403 Forbidden — authenticated but not permitted
- HTTP 404 Not Found — resource doesn’t exist
- HTTP 500 Internal Server Error — not your fault, it’s the server
Built by the developers of DodaTech