2xx Success codes
200 OK — request succeeded, body contains the result. Standard for GET and PATCH.
201 Created — resource was created, body contains the new resource. Standard for POST. Check the Location header for the new resource URL.
204 No Content — success with no response body. Standard for DELETE. Don't try to parse the body — there is none.
4xx Client error codes
400 Bad Request — your request is malformed. Check: JSON syntax, required fields, field value formats. Fix the request; retrying will not help.
401 Unauthorized — authentication failed. Token is missing, expired, or invalid. Refresh the token if using OAuth; otherwise check credentials.
403 Forbidden — authenticated but not permitted. The user/service has no ACL access to this resource. Not fixable with retry — requires permission change.
404 Not Found — the resource does not exist. The sys_id you referenced may have been deleted, or you have a URL typo.
422 Unprocessable Entity — request syntax is correct but semantic validation failed. A field value doesn't match allowed values, a reference doesn't exist, etc.
429 Too Many Requests — rate limited. Check the Retry-After header if present. Implement exponential backoff.
5xx Server error codes
500 Internal Server Error — the server failed while processing your request. Often a bug on the remote end. Log and retry with backoff.
503 Service Unavailable — service is down or overloaded. Retry with backoff, alert if persistent.
Handling in ServiceNow scripts
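// rm is an sn_ws.RESTMessageV2 object configured earlier in the script.
var response = rm.execute();
var status = response.getStatusCode();

if (status >= 200 && status < 300) {
    // Success - process response
} else if (status == 401) {
    // Re-authenticate. refreshOAuthToken() is your own helper, not a platform API.
    refreshOAuthToken();
} else if (status == 429) {
    // Rate limited - queue for retry
    gs.eventQueue('integration.retry', current, rm.getEndpoint(), '');
} else if (status >= 500) {
    // Server error - log and queue for retry
    gs.error('External service error: ' + status);
    gs.eventQueue('integration.retry', current, rm.getEndpoint(), '');
} else {
    // 4xx client error - log and do not retry.
    // The body may echo request data; review what it contains before logging it in production.
    gs.error('Request error: ' + status + ' - ' + response.getBody());
}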
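
The retry guidance above (Retry-After on 429, backoff on 5xx, no retry on other 4xx) as plain ES5-style JavaScript; this is an added example, not part of the original page. The constants BASE_MS, MAX_MS and MAX_ATTEMPTS, the function names, and the rule of refreshing a token only once on 401 are assumptions.

```javascript
// Assumed limits; tune per integration.
var BASE_MS = 1000, MAX_MS = 60000, MAX_ATTEMPTS = 5;

// Retry-After is either delta-seconds ("120") or an HTTP-date.
// Returns milliseconds to wait, or null if absent or unparseable.
function parseRetryAfter(value, nowMs) {
    if (value === null || value === undefined) return null;
    var v = String(value).trim();
    if (/^\d+$/.test(v)) return parseInt(v, 10) * 1000;
    var when = Date.parse(v);
    if (isNaN(when)) return null;
    return Math.max(0, when - nowMs);
}

// Exponential backoff with full jitter:
// a random wait in [0, min(MAX_MS, BASE_MS * 2^attempt)).
function backoffMs(attempt, rand) {
    var ceiling = Math.min(MAX_MS, BASE_MS * Math.pow(2, attempt));
    return Math.floor(rand() * ceiling);
}

// attempt is 0 for the first failure. rand and nowMs are injectable for testing.
function decide(status, retryAfter, attempt, rand, nowMs) {
    rand = rand || Math.random;
    nowMs = (nowMs === undefined) ? Date.now() : nowMs;
    if (status >= 200 && status < 300) return { action: 'success' };
    if (status === 401) {
        // Assumption: refresh once; a second 401 points at the credentials themselves.
        return attempt === 0 ? { action: 'reauth' } : { action: 'fail', reason: 'auth' };
    }
    var retryable = status === 429 || status >= 500;
    if (!retryable) return { action: 'fail', reason: 'client' };
    if (attempt >= MAX_ATTEMPTS) return { action: 'fail', reason: 'exhausted' };
    var hinted = parseRetryAfter(retryAfter, nowMs);
    // Honour the server's hint but cap it, so a broken or untrusted
    // endpoint cannot park the job indefinitely.
    var wait = hinted !== null ? Math.min(hinted, MAX_MS) : backoffMs(attempt, rand);
    return { action: 'retry', waitMs: wait };
}
```

In a ServiceNow script the header value would come from `response.getHeader('Retry-After')`, and the returned `waitMs` decides when the queued retry should run.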