409 Conflict

What 409 Conflict means

409 Conflict signals that the request cannot be completed because of a conflict with the resource's current state. Classic cases: trying to PUT a resource version that is older than the server's (lost-update protection), creating a resource that already exists with a unique-key collision, or DELETE-ing a resource that has dependents. 409 is not "permission denied" (that is 403) or "validation error" (that is 422); it is specifically about state-based conflicts.

When servers should return it: Return 409 when the request is well-formed and authorized but conflicts with current state. Always include a body explaining the conflict.

Common causes

• Optimistic concurrency control: ETag/version mismatch on PUT
• Unique constraint violation on POST (email already exists)
• DELETE on a resource with dependents (foreign key constraint)
• Two clients writing to the same resource simultaneously

How to fix 409 Conflict

• GET the latest version of the resource, merge changes, retry
• For unique-key collisions, use a different value or retrieve the existing resource
• For dependent-resource conflicts, delete the dependents first
• Implement client-side retry with conflict resolution (merge, prompt user, etc.)

Example response

curl -i -X PUT -H 'If-Match: "v1"' -d '{"name":"Ada"}' https://api.example.com/users/42

HTTP/2 409
content-type: application/json
{"error":"version conflict","current_version":"v3","your_version":"v1"}

Related status codes

More references

For a one-page reference of all HTTP status codes, see the HTTP cheat sheet. For testing API responses, try the API Tester tool. For inspecting responses on the command line, the curl cheat sheet covers the most common flags.