Connectivity - Common Hypertext Transfer Protocol (HTTP) Status Codes
KA-07690
5
03/25/2026 20:50 PM
1.2
Introduction
This article explains common Hypertext Transfer Protocol (HTTP) status codes returned by Visa Acceptance Solutions and Cybersource Application Programming Interface (API) responses. It is intended to help merchants and developers identify whether an issue is related to request syntax, permissions, resource availability, or broader platform conditions.
This article provides general, product-agnostic guidance and is not specific to any single Cybersource or Visa Acceptance Solutions product or integration. If you are looking for product-specific error guidance, refer to the applicable articles below:
Looking for product-specific error guidance?
- For Secure Acceptance server errors and transaction reason codes, refer to: Secure Acceptance - Error Troubleshooting
- For REST API response codes, refer to: Connectivity - REST Application Programming Interface (API) Response Codes
Overview
HTTP status codes are returned by Visa Acceptance Solutions and Cybersource APIs to indicate the outcome of a request. The table below outlines commonly encountered HTTP status codes, what they mean in a general context, and recommended next steps.
Common HTTP Status Codes
| Status Code | Description | Recommended Action |
|---|---|---|
| 200 — OK | The standard response for a successful HTTP request. For a GET request, the response will contain the requested resource. For a POST request, the response will contain an entity describing or containing the result of the action. | No action required. The request was processed successfully. |
| 201 — Created | The request was fulfilled and a new resource was created successfully. If this status code is returned for a transaction that does not appear successful, the transaction may have been flagged for review, declined, or failed at a downstream stage. | Verify the transaction status through your merchant portal or API response body to confirm the outcome before taking further action. |
| 204 — No Content | The server fulfilled the request successfully but does not need to return a response body. This is common for successful DELETE operations. | No action required. The request was processed successfully. |
| 400 — Bad Request | The server could not understand the request due to invalid syntax, missing required fields, or malformed data in the request payload. | Review the request payload for syntax errors, missing fields, or invalid parameters. Correct the request before resubmitting. |
| 403 — Forbidden | The server understood the request but refused to authorize it. This generally indicates that the credentials, permissions, or access rights associated with the request are insufficient or invalid. This is not a resource availability issue — the server understood what was being requested but actively declined to fulfill it. | Verify that the credentials being used are correct and active. Confirm that the account or profile has the required permissions to perform the requested operation. If the issue persists, contact Client Services for assistance. |
| 404 — Not Found | The requested resource could not be located on the server. This may indicate that the resource identifier is incorrect, does not exist, or has never been created. | Verify that the resource identifier included in the request is correct and exists. Correct any errors and resubmit the request. |
| 409 — Conflict | The request could not be completed due to a conflict with the current state of the resource. This may occur when attempting an operation that is incompatible with the resource's existing state. | Review the current state of the resource and resolve the conflict before resubmitting the request. |
| 410 — Gone | The requested resource has been permanently removed and is no longer available. Unlike a 404 response, a 410 confirms that the resource previously existed but has since been deleted. | Do not retry the request for this resource. If the removal was unintentional, contact Client Services for assistance. |
| 424 — Failed Dependency | The request failed because a required dependency — such as a related resource or prerequisite condition — does not exist, is invalid, or could not be fulfilled. | Verify that all required dependencies referenced in the request exist and are valid before resubmitting. |
| 500 — Internal Server Error | The server encountered an unexpected condition that prevented it from fulfilling the request. This is a general server-side error and is not caused by the request itself. | Retry the request after a brief wait. If the issue persists, check the CyberSource Status Page for any known platform incidents. If no incident is reported and the error continues, contact Client Services with the timestamp and any relevant request details. |
| 502 — Bad Gateway | The server received an invalid response from an upstream server while attempting to fulfill the request. This is typically a temporary condition related to upstream service availability. | Retry the request after a brief wait. If the issue persists, check the CyberSource Status Page for any known platform incidents and contact Client Services if needed. |
Platform Incidents and Service Availability
If you are experiencing errors that may be related to a broader platform issue, service outage, or degradation — for example, repeated 5xx server errors or intermittent timeouts — subscribe to the Cybersource Status Page to receive real-time updates on API, server, and product incidents.
For step-by-step instructions on subscribing, refer to: Support – Status Page
Potential Client Questions
- I received a 403 error — does this mean my account is blocked or suspended?
- Not necessarily. A 403 Forbidden response means the server understood your request but refused to authorize it. This is most commonly caused by incorrect or expired credentials, insufficient permissions on the account or profile, or an authentication failure. Verify your credentials and access rights first. If everything appears correct and the error persists, contact Client Services for further investigation.
- I received a 201 status code but my transaction does not look successful — what does that mean?
- A 201 Created response confirms that the request was received and a resource was created, but it does not always mean the transaction was approved. The transaction may have been flagged for review, declined, or failed at a downstream stage. Review the full API response body for additional detail on the transaction outcome before taking further action.
- What is the difference between a 404 and a 410 error?
- A 404 Not Found response means the requested resource could not be located — this could be because the identifier is incorrect or the resource was never created. A 410 Gone response confirms that the resource previously existed but has since been permanently deleted. If you receive a 410, do not retry the request for that resource.
- I keep receiving 500 or 502 errors — is there a platform outage?
- Repeated 5xx errors may indicate a temporary platform issue or upstream service disruption. Check the Cybersource Status Page for real-time updates on known incidents. Refer to Support – Status Page for instructions on how to subscribe to status notifications.
- This article mentions general HTTP status codes — where can I find product-specific error guidance?
- This article covers general HTTP status codes only and is not specific to any single product or integration. For product-specific guidance, refer to the following:
- For Secure Acceptance server errors and transaction reason codes, refer to: Secure Acceptance - Error Troubleshooting
- For REST API response codes, refer to: Connectivity - REST Application Programming Interface (API) Response Codes
- This article covers general HTTP status codes only and is not specific to any single product or integration. For product-specific guidance, refer to the following:
- What should I include when contacting Client Services about an HTTP error?
- When contacting Client Services about an HTTP error, include the following to help expedite investigation:
- The HTTP status code received
- The full error message or response body if available
- The timestamp of the error
- The endpoint or operation being attempted
- Any relevant request identifiers such as a Transaction UUID or Request ID
- When contacting Client Services about an HTTP error, include the following to help expedite investigation:
Additional Resources
- Support – Status Page — Subscribe to real-time CyberSource platform and API incident notifications.
- Connectivity - REST Application Programming Interface (API) Response Codes — Full list of REST API response codes and descriptions.
- Transaction Response Codes — Cybersource Developer Center — Complete reference for transaction response codes and detailed descriptions.
Glossary
| Term | Definition |
|---|---|
| Hypertext Transfer Protocol (HTTP) | The foundational protocol used for transmitting data over the web. HTTP status codes are returned by servers to indicate the result of a client's request. |
| Application Programming Interface (API) | A set of protocols and tools that allow software applications to communicate with each other. CyberSource and Visa Acceptance Solutions use APIs to process payment requests and return responses. |
| GET Request | An HTTP request method used to retrieve data from a server without modifying it. |
| POST Request | An HTTP request method used to submit data to a server, typically resulting in the creation or modification of a resource. |
| DELETE Request | An HTTP request method used to remove a specified resource from the server. |
| 5xx Server Error | A class of HTTP status codes indicating that the server encountered an error or was unable to fulfill a valid request. These errors are server-side and are not caused |
Was this article helpful?
Articles Recommended for You