client error RFC 9110
HTTP 405 Method Not Allowed
The URL exists but doesn't support the HTTP method the client used.
What it means
The route is real but the method isn't. For example, sending POST to `/users/42` when the endpoint only supports GET, PUT, and DELETE. The server must include an `Allow` header listing which methods ARE supported for that URL.
When servers send it
- •POST to a GET-only endpoint
- •PUT to a POST-only endpoint
- •Any method on a URL that only defines specific methods
What the client does
Reads the `Allow` header to find valid methods. Retries with a supported method.
Common causes
- •Frontend calling the API with the wrong verb (usually a bug)
- •Using POST for what should be PUT or PATCH
- •CORS preflight — OPTIONS request rejected because it wasn't explicitly configured
How to fix it
- 1.Check the API docs for the correct HTTP method
- 2.Read the `Allow` header in the 405 response
- 3.For CORS: add OPTIONS handler that returns 204 with `Access-Control-Allow-Methods`
Similar codes
400 Bad Request client error
Server cannot process the request due to a client-side error — malformed syntax, invalid JSON, missing required fields.
404 Not Found client error
The requested URL does not exist on this server.
501 Not Implemented server error
Server doesn't support the functionality required to fulfill the request.
401 Unauthorized client error
Authentication is required and either missing or invalid — the client is not identified.
403 Forbidden client error
Server understood who you are but refuses to authorize the request — permission denied.
← All HTTP status codes · HTTP status cheat sheet · HTTP headers reference