HTTP 400 Bad Request — Causes, Fix & API Validation Examples
The server cannot process the request because of a client-side error: malformed syntax, invalid message framing, or deceptive request routing. The client should not repeat the request without modification.
When to Return 400
Use 400 for input validation failures: missing required fields, invalid field values, malformed JSON, invalid date formats, or business rule violations that the client could fix by changing the request.
Common Causes
- Malformed JSON body (parse error)
- Missing required request fields
- Invalid field values (wrong type, out of range)
- Invalid query parameter format
- Duplicate submission of a unique value
HTTP Response Example
HTTP/1.1 400 Bad Request
Content-Type: application/json
{"error": "Bad Request", "details": {"email": ["Invalid email address"]}}Code Examples
Express.js
import { z } from 'zod'
const CreateUserSchema = z.object({
email: z.string().email(),
name: z.string().min(1),
})
app.post('/users', (req, res) => {
const result = CreateUserSchema.safeParse(req.body)
if (!result.success) {
return res.status(400).json({
error: 'Bad Request',
details: result.error.flatten().fieldErrors,
})
}
// proceed with result.data
})Next.js App Router
// app/api/users/route.ts
import { z } from 'zod'
const schema = z.object({ email: z.string().email(), name: z.string().min(1) })
export async function POST(request: Request) {
const body = await request.json().catch(() => null)
if (!body) return Response.json({ error: 'Invalid JSON' }, { status: 400 })
const result = schema.safeParse(body)
if (!result.success) {
return Response.json(
{ error: 'Bad Request', details: result.error.flatten().fieldErrors },
{ status: 400 }
)
}
// proceed
}Related Status Codes
Frequently Asked Questions
What does HTTP 400 Bad Request mean?
The server cannot process the request because of a client-side error: malformed syntax, invalid message framing, or deceptive request routing. The client should not repeat the request without modification.
When should an API return 400?
Use 400 for input validation failures: missing required fields, invalid field values, malformed JSON, invalid date formats, or business rule violations that the client could fix by changing the request.
What causes an HTTP 400 error?
Common causes: Malformed JSON body (parse error); Missing required request fields; Invalid field values (wrong type, out of range); Invalid query parameter format; Duplicate submission of a unique value.
