Question

Friends and fellow users,

We have both 402 and 403 HTTP response codes, though 402 is reserved for future use.

What is (or would be) the difference between these two? Payment not received should be equal to not authorized, shouldn't it?

EDIT: I would like to know the answers from a "Why is 402 required when we already have 403" angle.

Solution

403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

Does this help?

OTHER TIPS

The HTTP status code 402 is indeed different from 403:

As it states in RFC 2616 the status code 402 is

402 Payment Required

That means the request is not generally forbidden but requires payment.

Apparently there is some work being done to make use of this reserved status code.

I think it is currently not needed (or just not used because it is not specified how to use it), but the authors of the standard gave it some thought and put it in for future use, which could be useful.

Note that a missing payment is only one reason for your server to deny a request. You can get the "forbidden" status in other situations, such as invalid credentials, trying to access a "private resource", etc.

I believe 402 exists just to give more details about the reason for denying a request.
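An added example, not part of any of the posts above: one way a server-side access check could map its outcome to 402, 403, or 404, including the RFC's option of answering 404 when the server does not want to reveal why a request was refused. The `Caller` and `Resource` types, the `decide` function, and the sample names are hypothetical; permission is checked before payment so that a 402 never confirms a hidden resource to a caller who is not permitted to see it.

```python
from dataclasses import dataclass
from http import HTTPStatus
from typing import Optional


@dataclass(frozen=True)
class Caller:              # hypothetical model of an already-identified client
    name: str
    has_paid: bool


@dataclass(frozen=True)
class Resource:            # hypothetical model of a protected resource
    allowed: frozenset     # names permitted to read this resource
    paid_only: bool        # content requires a payment on record
    hide_existence: bool   # server prefers 404 over 403 here


# One shared response for "really missing" and "hidden", so the two cases
# cannot be told apart by status code or body.
NOT_FOUND = (HTTPStatus.NOT_FOUND, "not found")


def decide(caller: Caller, resource: Optional[Resource]):
    """Return (status, reason) for a read request."""
    if resource is None:
        return NOT_FOUND
    if caller.name not in resource.allowed:
        # 403: refused, and repeating the request will not change that.
        # 404 is substituted when the refusal itself should stay private.
        if resource.hide_existence:
            return NOT_FOUND
        return HTTPStatus.FORBIDDEN, "access to this resource is not permitted"
    if resource.paid_only and not caller.has_paid:
        # 402: not generally forbidden, the caller only lacks a payment.
        return HTTPStatus.PAYMENT_REQUIRED, "payment is required for this resource"
    return HTTPStatus.OK, "ok"


if __name__ == "__main__":
    # Constructed sample data.
    report = Resource(frozenset({"alice", "bob"}), paid_only=True, hide_existence=True)
    for who in (Caller("alice", True), Caller("bob", False), Caller("eve", True)):
        status, reason = decide(who, report)
        print(who.name, int(status), reason)
```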

Licensed under: CC-BY-SA with attribution