Response codes

What response codes mean and how to deal with them

The Intruder API uses standard HTTP response codes to indicate the success or failure of an API request.

Response codes in the 2xx range indicate success, i.e. the request was successful.

Response codes in the 4xx range meaning something went wrong, and it was due to the information you provided (e.g., a required parameter was omitted or invalid).

If you receive a response code in the 5xx range, that means something went wrong on Intruder's end (these errors are rare).

Here's an overview of the most common response codes:

HTTP status code
200 - OKEverything worked as expected.
400 - Bad RequestThe request was unacceptable, often due to missing a required parameter.
401 - UnauthorisedThe access token provided was invalid.
403 - ForbiddenThe access token doesn't have permissions to perform the request.
404 - Not FoundThe requested resource doesn't exist.
409 - ConflictThe request conflicts with current state of an existing resource (e.g. you tried to add a target that exists already).
422 - Unprocessable EntityThe request was understood by the server understands but it was unable to process the contained instructions. (e.g. When attempting to create too many active scans)
429 - Too Many RequestsToo many requests hit the API too quickly. We recommend an exponential backoff of your requests.
500, 502, 503, 504 - Server ErrorsSomething went wrong on Intruder's end. (These are rare.)