Other than the humor in it, makes you wonder why they'd pick 418. It does sometimes feel like some errors are missing from the http codes, prompting developers to either create their own, or repurpose some, like 418, where they feel relatively safe that it won't conflict with something.
It never ceases to amaze how http status codes can be misused. My favorite is still the customer who had built a service that would return "200 OK" and then in the response just be the text "500". We had asked if they could return a 500 error, if there was an error in the API, rather than a 200, so they swapped out the 200 in the response, but not the headers. "200 Created" is also up there, in terms of developers with limited understanding or weird framework limitations.
There are definitely missing codes, which is why sometimes the WebDAV status additions get used in purported RESTful APIs—which is semantically wrong, but often carries a lot of helpful meaning. For example, things like 422: Unprocessable Content or 423: Locked are really helpful to convey meaning, but not available in plain HTTP.
I honestly would have thought 400 Bad Request would cover that? Might be too generic though. Is "422" "ok, I admit it's formatted correctly, but I can't process it for some higher-level reason than syntax"?
(Just reading through 4xx codes, and I think I need to use 410 Gone a lot more often. Does anyone know if search engines treat 404 and 410 differently?)
The issue I have with 400 Bad Request is that it's very broad. The request might actually be fine, but the data posted is not. Now you could argue that it doesn't matter why the request is bad, formatting, protocol or data, 400 for everything. It just feels a lot like throwing a generic Exception and attempting to convey the details in the message body.
From personal experience search engines don’t honor 404 or 410.
I switched much of my personal site to returning 410 over a decade ago and Googlebot still returns on a routine basis re-requesting a document that hasn’t been on the site since 2012.
Out of paranoia I just checked and yeah, GoogleBot actual (and not the dozens of fakes) requested each 410'd URL at least once a month, some URLs get multiple requests per month. All have been marked 410 since 2014 or earlier.
> Is "422" "ok, I admit it's formatted correctly, but I can't process it for some higher-level reason than syntax"?
That is my understanding. Something to say that the request is understood as an HTTP request (therefore not 400) but the server doesn't know what to do with it, usually in the context of a POST, or it's otherwise invalid for processing.
It never ceases to amaze how http status codes can be misused. My favorite is still the customer who had built a service that would return "200 OK" and then in the response just be the text "500". We had asked if they could return a 500 error, if there was an error in the API, rather than a 200, so they swapped out the 200 in the response, but not the headers. "200 Created" is also up there, in terms of developers with limited understanding or weird framework limitations.