The Complete HTTP Error Code Reference for Agent Readiness
When an AI agent hits your API, the error response determines whether it self-corrects or abandons the workflow entirely. An HTML 500 page tells the agent nothing. A structured JSON error with field-level details, retry guidance, and documentation links lets the agent fix itself and continue. This is the definitive reference for every HTTP status code an agent encounters — and what your response should look like.
Why Error Handling Is the Highest-Leverage Agent Readiness Fix
AgentHermes scans show that 73% of businesses return HTML error pages or generic strings when API calls fail. An agent cannot parse “Something went wrong.” It cannot retry intelligently without a Retry-After header. It cannot self-correct a validation error without field-level details.
Structured error handling impacts three scoring dimensions simultaneously: D2 API Quality (error format), D8 Reliability (retry guidance), and D9 Agent Experience (self-correction ability). Fixing error responses alone can lift a score by 8 to 15 points.
Key insight from AgentHermes scoring: A 401 Unauthorized response with a structured JSON body scores 87% of the value of a successful 200 response for the D7 Security dimension. The agent knows the endpoint exists, authentication is required, and the response format is machine-readable. That is enormously more useful than no API at all.
The Agent-Ready Error Format
Every error response your API returns should follow this structure. AgentHermes checks for these fields during scans and awards points for each one present.
{
"error": "short_error_type",
"code": "MACHINE_READABLE_CODE",
"message": "Human-readable explanation",
"details": [
{ "field": "email", "issue": "invalid format", "expected": "valid email" }
],
"retry": true,
"retry_after_seconds": 30,
"docs_url": "https://docs.example.com/errors/MACHINE_READABLE_CODE",
"request_id": "req_abc123"
}errorrequiredSnake_case error type. Agent uses this for programmatic branching.
coderequiredUppercase machine code. Stable across versions — agents map these to handlers.
messagerequiredHuman-readable string. Agent may log or display this.
detailsrecommendedArray of field-level errors. Agent uses these to fix and retry the request.
retryrecommendedBoolean. Agent decides whether to retry or abandon immediately.
retry_after_secondsrecommendedInteger. Agent waits exactly this long before retrying. No guessing.
docs_urlrecommendedURL to error documentation. Agent or developer can look up resolution steps.
request_idrequiredUnique ID for this request. Essential for debugging agent-reported issues.
2xx Success Codes
Success codes are the baseline. Even here, agent-ready responses include metadata that helps agents track and correlate operations.
Request succeeded with response body
Agent receives data and proceeds. The baseline for all agent interactions.
{ "data": { ... }, "meta": { "request_id": "req_abc123", "timestamp": "2026-04-15T10:00:00Z" } }Resource created successfully
Agent confirms creation and stores the returned resource ID for future operations.
{ "data": { "id": "res_xyz789", "created_at": "..." }, "meta": { "request_id": "req_abc123" } }Action succeeded, no response body
Agent confirms success by status code alone. Used for DELETEs and updates where no data needs to return.
(empty body — agent reads status code)
3xx Redirect Codes
Redirects are where many agent integrations silently break. Most HTTP clients follow redirects automatically, but agents need to understand why a redirect happened to update their mental model of your API.
Resource URL has changed permanently
Agent must follow Location header and update its stored URL. Failure to follow = broken integration.
Location: https://api.example.com/v2/resource
{ "error": "moved_permanently", "new_url": "https://api.example.com/v2/resource" }Resource temporarily at different URL
Agent follows redirect but keeps original URL. Common in OAuth flows. Agents need to handle redirect chains.
Location: https://auth.example.com/callback (Agent follows automatically)
Cached version is still valid
Agent uses cached data. Saves bandwidth and latency. Agents that send If-None-Match headers get faster responses.
(empty body — agent uses cached version)
Same as 302 but preserves HTTP method
Agent re-sends the same request (including POST body) to the new Location. Critical for payment flows where method matters.
Location: https://api.example.com/v2/payments (Agent re-sends with same method and body)
4xx Client Error Codes
Client errors are where agent readiness is won or lost. Every 4xx response is a chance to teach the agent what went wrong and how to fix it. The D9 Agent Experience dimension weighs these heavily.
Request is malformed or missing required fields
Agent needs specific field-level errors to self-correct. HTML error pages or generic "bad request" kill agent workflows.
{ "error": "validation_error", "code": "INVALID_INPUT", "message": "2 validation errors", "details": [{ "field": "email", "issue": "invalid format" }, { "field": "amount", "issue": "must be positive" }], "request_id": "req_abc123" }Authentication missing or invalid
Agent knows it needs to authenticate. Agent-ready response tells the agent HOW to authenticate (Bearer token, API key, OAuth flow URL).
{ "error": "unauthorized", "code": "AUTH_REQUIRED", "message": "Valid API key required", "auth_methods": ["bearer_token", "api_key"], "docs_url": "https://docs.example.com/auth", "request_id": "req_abc123" }Authenticated but not authorized for this resource
Agent is logged in but lacks permission. Must tell agent which permission is missing and how to request it.
{ "error": "forbidden", "code": "INSUFFICIENT_PERMISSIONS", "message": "Requires write:orders scope", "required_scope": "write:orders", "current_scopes": ["read:orders"], "upgrade_url": "https://app.example.com/settings/api", "request_id": "req_abc123" }Resource does not exist
Agent needs to know if the resource never existed vs was deleted. Suggest alternative endpoints or search functionality.
{ "error": "not_found", "code": "RESOURCE_NOT_FOUND", "message": "Order ord_123 not found", "resource_type": "order", "suggestion": "Use GET /orders to list available orders", "request_id": "req_abc123" }HTTP method not supported on this endpoint
Agent used wrong verb. Response must include Allow header listing valid methods.
Allow: GET, POST
{ "error": "method_not_allowed", "code": "INVALID_METHOD", "message": "PATCH not supported. Use PUT for full updates.", "allowed_methods": ["GET", "POST", "PUT"], "request_id": "req_abc123" }Request conflicts with current resource state
Agent tried to create a duplicate or update stale data. Must include the conflicting field and current state.
{ "error": "conflict", "code": "DUPLICATE_RESOURCE", "message": "Email already registered", "conflicting_field": "email", "existing_resource_id": "usr_456", "request_id": "req_abc123" }Request is valid JSON but semantically wrong
Agent sent valid syntax but business logic rejected it. Needs specific business rule explanation.
{ "error": "unprocessable", "code": "BUSINESS_RULE_VIOLATION", "message": "Cannot schedule appointment in the past", "rule": "appointment_date must be > now()", "earliest_valid": "2026-04-16T09:00:00Z", "request_id": "req_abc123" }Rate limit exceeded
Agent must wait and retry. Without Retry-After header, agent guesses and hammers your API. With it, agent waits precisely.
Retry-After: 30
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1713200000
{ "error": "rate_limited", "code": "RATE_LIMIT_EXCEEDED", "message": "100 requests per minute exceeded", "retry_after_seconds": 30, "request_id": "req_abc123" }5xx Server Error Codes
Server errors test your API's resilience story. The critical fields are retry, retry_after_seconds, and status_url. Without these, an agent facing a 500 has no recovery path.
Unhandled server error
Agent cannot proceed. Must include request_id for debugging and suggest retry. Never expose stack traces.
{ "error": "internal_error", "code": "SERVER_ERROR", "message": "An unexpected error occurred", "request_id": "req_abc123", "retry": true, "retry_after_seconds": 5, "status_url": "https://status.example.com" }Upstream service returned invalid response
Agent should retry after delay. Often transient. Include which upstream is down if possible.
{ "error": "bad_gateway", "code": "UPSTREAM_ERROR", "message": "Payment processor temporarily unavailable", "retry": true, "retry_after_seconds": 10, "status_url": "https://status.example.com", "request_id": "req_abc123" }Server is down for maintenance or overloaded
Agent waits for Retry-After and tries again. Without structured response, agent abandons the workflow.
Retry-After: 300
{ "error": "service_unavailable", "code": "MAINTENANCE", "message": "Scheduled maintenance until 2026-04-15T12:00:00Z", "retry": true, "retry_after_seconds": 300, "maintenance_end": "2026-04-15T12:00:00Z", "request_id": "req_abc123" }Upstream service did not respond in time
Agent should retry with exponential backoff. Include whether the original request may have partially completed.
{ "error": "gateway_timeout", "code": "UPSTREAM_TIMEOUT", "message": "Request timed out after 30s", "retry": true, "retry_after_seconds": 15, "idempotent": true, "request_id": "req_abc123" }Implementation Checklist
Follow this checklist to make your error responses agent-ready. Each item directly impacts your AgentHermes score.
All error responses return Content-Type: application/json
+3 to D2Every error includes error, code, message, and request_id fields
+4 to D9400 responses include field-level details array
+3 to D9401 responses include auth_methods and docs_url
+2 to D7429 responses include Retry-After header and retry_after_seconds
+3 to D85xx responses include retry boolean and status_url
+3 to D8No HTML error pages returned from API endpoints
Prevents -5 D2 penaltyNo stack traces or internal details in production errors
Prevents -3 D7 penaltyHow do your error responses score?
AgentHermes scans your API endpoints and checks every error response format. Get your Agent Readiness Score in 60 seconds and see exactly which error responses need fixing.