HTTP status code

The HTTP 405 status code stands for "Method Not Allowed". It is a client error response indicating that the request method is not supported for the targeted resource.

When is HTTP 405 Used?

• When a client uses an invalid HTTP method for a specific resource.
• When the server intentionally restricts certain methods (e.g., DELETE or PUT).
• When an API only allows specific methods like GET or POST.

Common Causes of HTTP 405 Errors

• API misuse: Sending a POST request to an endpoint that only accepts GET.
• Misconfigured routes: The server doesn't handle the specified method.
• Security restrictions: The server blocks certain methods (e.g., PUT, DELETE).

Example Scenarios

• Sending a DELETE request to a read-only API.
• Using POST on a static website where only GET is allowed.
• Attempting to PUT data to an endpoint that only accepts GET and POST.

Example

Client Request (Invalid Method)

    
        DELETE /users/123 HTTP/1.1
        Host: example.com
    

Server Response (405 Method Not Allowed)

    
        HTTP/1.1 405 Method Not Allowed
        Allow: GET, POST
        Content-Type: application/json

        { "error": "The DELETE method is not allowed for this resource." }
    

Key Header: Allow

• The Allow header in the response specifies which HTTP methods are permitted.
• In the example above, GET and POST are the only allowed methods.

Best Practices for Handling HTTP 405

• Verify API documentation to use the correct HTTP methods.
• Implement clear error messages to guide clients toward the correct method.
• Use server-side validation to restrict or permit methods as needed.

Summary

HTTP 405 indicates that the request method is not supported by the server for the targeted resource. It often occurs in APIs with restricted methods or when using the wrong HTTP method.