mbleigh
commented
10 years ago Nope, actually, 400 and 403 tend to be closer than 403 and 401. 401 refers to any kind of lack of authorization e.g. trying to post to a group you're not a member of, or accessing logged in functionality when you aren't. 403 on the other hand is more like "in normal circumstances you could do this, but you can't because I say so." An example of a 403 might be a one-time use code that's already been redeemed, as an example.
In https://github.com/staticapps/staticapps.org/blob/master/articles/front-end-error-handling.md it says: "403 Forbidden: The difference between this and 400 can be subtle". It should be "401" instead of "400", shouldn't it?