News KrakenD CE v2.7 released with better rate-limiting and security options

Community Documentation

Recent changes

API Gateway Status Codes

Document updated on Jun 13, 2024

When consuming content through KrakenD, the status code returned to the client depends on the chosen configuration. Three different approaches impact status codes:

  • Use KrakenD regular endpoints to get the status codes as designed by KrakenD
  • Return the status code as provided by your backend server (see the no-op encoding)
  • Use custom logic to set specific status codes

Default status codes of KrakenD endpoints

The following status codes are the ones returned by the gateway. When you use no-op in the output_encoding, the user can receive any status code from your backend. These are the status codes that KrakenD can use to reply. If you see a different one in the list, then the status code is not generated on KrakenD :

Status CodeWhen
200 OKAt least one backend returned a 200 or 201 status code on time. Completeness information provided by the X-Krakend-Completed header
301 RedirectWhen the router adds a missing slash to the endpoint and similar cases.
400 Bad RequestClient made a malformed request, i.e. json-schema validation failed, or problems when signing a token
401 UnauthorizedClient sent an invalid JWT token or its claims
403 ForbiddenThe user is allowed to use the API, but not the resource, e.g.: Insufficient JWT role, or bot detector banned it
404 Not FoundThe requested endpoint is not configured on KrakenD
405 Method Not AllowedYou have requested an endpoint that exists but not for the requested method (e.g.: you declared a GET but the request had a POST)
429 Too Many RequestsThe client reached the rate limit for the endpoint
503 Service UnavailableAll clients together reached the configured global rate limit for the endpoint
500 Internal Server ErrorDefault error code, and in general, when backends return any status above 400
502 Bad GatewayError returned to the user when a WebSockets connection to the backend is gone after exhausting all retries

Why does KrakenD treat errors like a 500 Internal Server Error by default?

In most cases, when there isn’t a happy path, you’ll see KrakenD returning a 500 Internal Server Error. When KrakenD needs to combine in the final gateway response, there is no way to properly distinguish the status code from the backend and the one from the gateway itself. That’s why all errors external to KrakenD are translated into a 500 Internal Server Error.

To offer a gracefully degraded service when some backends fail, we leave the decision to the client on what to do by adding the header X-Krakend-Completed: false (some backends succeeded, others don’t) and also by adding the detailed errors feature.

Returning the status codes of the backend

If you need to return the content of a backend service as is, then the no-op encoding will proxy the client call to the backend service without any manipulation. When the backend produces the response, it’s passed back to the client, preserving its form: body, headers, status codes, and such.

An exception to this behavior is 30x responses, which will be followed by the gateway even with no-op encoding. If your backend returns a 301 the client won’t follow it, but the gateway will (Enterprise can change this)

Returning other status codes

Default status codes can be overridden per endpoint following different implementations.

  • Using no-operation: When your call is not idempotent (i.e., a write operation), and you want the client to receive whatever the backend is responding.
  • Using a Lua script: To write in the configuration any logic, you need to evaluate and return a custom_error, with any status code of your choice.
  • As custom_error will end the pipe execution. If you just want to alter the status code, you can (in a no-op pipe) use the statusCode dynamic helper on the response.


Unresolved issues?

The documentation is only a piece of the help you can get! Whether you are looking for Open Source or Enterprise support, see more support channels that can help you.