HTTP

Status Code

405 Method Not Allowed

Learn what 405 Method Not Allowed means when HTTP methods are rejected. Understand the Allow header, proper API design, and how to handle method restrictions.

3 min read beginner Try in Playground
#status-codes #client-error #4xx

What is a 405 Error?

TL;DR: 405 Method Not Allowed means wrong HTTP method for this endpoint. Check the Allow header for supported methods.

A 405 Method Not Allowed status code means you’re using the wrong HTTP method for a specific resource. Think of it like trying to withdraw money from an ATM by inserting your card upside down—the machine recognizes your card (the resource exists), but you’re not using the right approach (method) to access it.

The server understands your request and the resource exists, but the HTTP method you used (GET, POST, PUT, DELETE, etc.) isn’t supported for that particular endpoint.

When Does This Happen?

You’ll encounter a 405 error in these common situations:

1. Using GET on a POST-only endpoint

You tried:    GET /api/users
But it needs: POST /api/users

2. Trying to DELETE a read-only resource

You tried:    DELETE /api/config
But it only supports: GET /api/config

3. Using PUT on a create-only endpoint

You tried:    PUT /api/orders
But it needs: POST /api/orders

4. Wrong method for file uploads

You tried:    GET /upload
But it needs: POST /upload

5. API endpoint method mismatch

You tried:    PATCH /api/users/123
But it only supports: PUT /api/users/123

Example Response

When you use the wrong HTTP method, the server responds like this:

HTTP/1.1 405 Method Not Allowed
Allow: GET, POST
Content-Type: application/json
Content-Length: 78

{"error":"Method Not Allowed","message":"Only GET and POST methods are supported"}
```text

Key parts of this response:

- **405 Method Not Allowed** - The status code and reason
- **Allow header** - Lists the methods that ARE supported
- **Content-Type** - Format of the error message
- **Body** - Helpful explanation of what went wrong

## Real-World Examples

**Example 1: User Registration**

```http
GET /api/register HTTP/1.1
Host: example.com

Response:

HTTP/1.1 405 Method Not Allowed
Allow: POST
Content-Type: application/json

{
  "error": "Method not allowed",
  "message": "User registration requires POST method",
  "allowed_methods": ["POST"]
}
```text

**Example 2: File Upload**

```http
PUT /upload HTTP/1.1
Host: fileserver.com

Response:

HTTP/1.1 405 Method Not Allowed
Allow: POST
Content-Type: application/json

{
  "error": "Method not allowed",
  "message": "File uploads must use POST method",
  "correct_usage": "POST /upload with multipart/form-data"
}
```text

## How to Fix 405 Errors

**As a Developer:**

- Check your API documentation for correct methods
- Look at the `Allow` header in the response
- Update your client code to use the right method
- Test your endpoints with tools like Postman

**As an API Designer:**

- Clearly document which methods each endpoint supports
- Return helpful error messages with correct method info
- Include the `Allow` header in 405 responses
- Consider if you need to support additional methods

## 405 vs Other Similar Codes

| Code    | Meaning                | When It Happens                                  |
| ------- | ---------------------- | ------------------------------------------------ |
| **405** | Wrong HTTP method      | Resource exists but method not allowed           |
| **404** | Resource not found     | The URL path doesn't exist                       |
| **400** | Bad request format     | Request syntax is malformed                      |
| **403** | Access forbidden       | You don't have permission (regardless of method) |
| **501** | Method not implemented | Server doesn't support this method at all        |

## Common Mistakes

**❌ Returning 404 instead of 405**

```http
Resource: /api/users exists
Method: DELETE not supported
Wrong: Return 404 (hiding that resource exists)
Right: Return 405 (resource exists, wrong method)
```text

**❌ Missing Allow header**

```http
HTTP/1.1 405 Method Not Allowed
Content-Type: application/json
← Missing: Allow header showing correct methods

✅ Correct approach

HTTP/1.1 405 Method Not Allowed
Allow: GET, POST, PUT
Content-Type: application/json

{"error": "Method not allowed", "allowed": ["GET", "POST", "PUT"]}

Try It Yourself

Visit our request builder and experiment with different methods:

  1. Set method to DELETE
  2. Set path to /api/users (if it only supports GET/POST)
  3. Click Send request
  4. Notice the 405 response with Allow header

Frequently Asked Questions

What does 405 Method Not Allowed mean?

A 405 error means the HTTP method you used (GET, POST, PUT, DELETE) is not supported for this resource. The resource exists, but you cannot access it with that method.

How do I fix a 405 error?

Check the Allow header in the response to see which methods are supported. Change your request to use one of the allowed methods. Common fix is switching from GET to POST or vice versa.

What is the difference between 405 and 404?

405 means the resource exists but the method is wrong. 404 means the resource does not exist. With 405, try a different method; with 404, check the URL.

What is the Allow header in 405 responses?

The Allow header lists the HTTP methods supported by the resource. For example, Allow: GET, POST tells you the endpoint accepts GET and POST but not PUT or DELETE.

Keep Learning

Hub

HTTP Status Codes

Browse the full index for this topic.

 Tool

Status Code Picker

Find the right status code for your API response.

 Tool

HTTP Playground

Send requests and inspect responses interactively.