Backend concept

HTTP Semantics

Status codes, methods, caching headers, and response meaning for backend APIs.

Why this matters

Clear HTTP semantics help clients retry, cache, authenticate, and recover correctly.

How to practice

Review when to use success, redirect, client error, and server error responses.

Learning objectives

  • Map common API outcomes to precise HTTP status codes.
  • Distinguish authentication, authorization, validation, and conflict responses.
  • Recognize when success responses should include a body, a location, or no content.
  • Explain when browsers send CORS preflight requests.
  • Choose safe Access-Control headers for origins, credentials, methods, and headers.
  • Avoid common CORS mistakes such as wildcard credentials and unsafe origin reflection.

Common mistakes to avoid

  • Returning 200 OK for every API response and hiding errors inside the JSON body.
  • Using 404 Not Found for authorization failures that should be 403 Forbidden.
  • Using 500 Internal Server Error for client validation mistakes.
  • Reflecting any Origin header for sensitive authenticated APIs.
  • Combining wildcard origins with credentials.
  • Forgetting Vary: Origin when CORS responses differ by origin.

Games for HTTP Semantics

Start with the first game, then use local review history to revisit missed decisions.

APIs Beginner

HTTP Status Defender

Choose the correct HTTP status code for realistic backend scenarios and learn the response semantics behind each answer.

Time: 5-8 minutes
Concept: HTTP status codes and response semantics
  • Foundations
  • HTTP
  • REST
  • status codes
APIs Intermediate

CORS Preflight Pilot

Guide browser API requests through CORS decisions covering origins, preflight, credentials, exposed headers, and cache safety.

Time: 6-9 minutes
Concept: CORS, browser security boundaries, and preflight response design
  • Foundations
  • CORS
  • HTTP
  • browser security
APIs Beginner

API Route Builder

Design REST-style methods and routes for product requirements such as creating users, updating email, searching products, and nested comments.

Time: 6-9 minutes
Concept: REST API route design
  • Foundations
  • REST
  • API design
  • routes