405 Method Not Allowed

Description

The 405 Method Not Allowed status code indicates that the server knows the request method, but the target resource doesn't support this method for the requested URL. The server must generate an Allow header field in the response that contains a list of the target resource's currently supported methods.

This status code is commonly used when:
- A client attempts to use an HTTP method (like POST, PUT, DELETE) on a resource that only supports other methods
- An API endpoint supports only specific HTTP methods for a given resource
- A client attempts to modify a read-only resource
- The server restricts certain HTTP methods for security reasons

The 405 Method Not Allowed status differs from 501 Not Implemented in that the server recognizes the method but deliberately doesn't allow it for the specific resource, rather than not supporting the method at all.

Syntax

The server responds with a 405 Method Not Allowed status and includes an Allow header:

HTTP/1.1 405 Method Not Allowed
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Content-Length: [length in bytes]

{
  "error": "Method Not Allowed",
  "message": "The HTTP method [METHOD] is not supported for this resource"
}

Examples

REST API Example

A client attempts to use DELETE on a resource that doesn't support deletion:

Client Request:

DELETE /api/system-settings/timezone HTTP/1.1
Host: api.example.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

Server Response:

HTTP/1.1 405 Method Not Allowed
Allow: GET, PUT
Content-Type: application/json
Content-Length: 156

{
  "error": "Method Not Allowed",
  "message": "The DELETE method is not supported for system settings",
  "allowed_methods": ["GET", "PUT"]
}

Static Resource Example

A client attempts to POST to a static resource:

Client Request:

POST /images/logo.png HTTP/1.1
Host: static.example.org
Content-Type: application/octet-stream
Content-Length: 1024

[Binary data]

Server Response:

HTTP/1.1 405 Method Not Allowed
Allow: GET, HEAD, OPTIONS
Content-Type: text/html
Content-Length: 218

<!DOCTYPE html>
<html>
<head>
  <title>Method Not Allowed</title>
</head>
<body>
  <h1>405 Method Not Allowed</h1>
  <p>The POST method is not allowed for static resources.</p>
  <p>Allowed methods: GET, HEAD, OPTIONS</p>
</body>
</html>

Read-Only API Endpoint Example

A client attempts to modify a read-only API endpoint:

Client Request:

PUT /api/statistics/monthly-views HTTP/1.1
Host: api.example.com
Content-Type: application/json
Content-Length: 45
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...

{
  "count": 5000,
  "month": "June",
  "year": 2023
}

Server Response:

HTTP/1.1 405 Method Not Allowed
Allow: GET, OPTIONS
Content-Type: application/json
Content-Length: 172

{
  "error": "Method Not Allowed",
  "message": "The statistics endpoint is read-only",
  "allowed_methods": ["GET", "OPTIONS"],
  "documentation_url": "https://api.example.com/docs/statistics"
}
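
The following added example (not part of the original page) sketches a deny-by-default method check for the three resources used in the examples above: a recognized but disallowed method gets 405 with an Allow header, while a method the server does not implement gets 501. The names KNOWN_METHODS, ROUTES, _response and check_method are assumptions made for illustration.

```python
import json

# Assumption: the methods this hypothetical server implements at all.
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"}

# Per-resource allowlists, taken from the three examples on this page.
ROUTES = {
    "/api/system-settings/timezone": ("GET", "PUT"),
    "/images/logo.png": ("GET", "HEAD", "OPTIONS"),
    "/api/statistics/monthly-views": ("GET", "OPTIONS"),
}


def _response(status, error, message, extra_headers=None):
    """Build (status, headers, body); Content-Length is computed, not typed in."""
    body = json.dumps({"error": error, "message": message}).encode("utf-8")
    headers = {"Content-Type": "application/json", "Content-Length": str(len(body))}
    headers.update(extra_headers or {})
    return status, headers, body


def check_method(method, path):
    """Deny by default: only methods listed for the resource get through."""
    # Method tokens are case-sensitive, so "get" is not "GET".
    if method not in KNOWN_METHODS:
        # Unrecognized method: 501, and the untrusted token is not echoed back.
        return _response(501, "Not Implemented", "The request method is not implemented")
    allowed = ROUTES.get(path)
    if allowed is None:
        return _response(404, "Not Found", "No such resource")
    if method not in allowed:
        # Recognized but not permitted here: 405 plus the mandatory Allow header.
        return _response(
            405,
            "Method Not Allowed",
            f"The HTTP method {method} is not supported for this resource",
            {"Allow": ", ".join(allowed)},
        )
    # Permitted: a real server would hand off to the resource's handler here.
    return 200, {"Content-Length": "0"}, b""
```

Running the check before any handler code means a new resource accepts no methods until they are listed explicitly.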

Summary

The 405 Method Not Allowed status code is an important tool for RESTful API design and web resource management. It clearly communicates to clients which HTTP methods are supported for a given resource, helping developers understand how to correctly interact with the API or web service. By including the Allow header, servers provide immediate guidance on which methods are permitted, reducing the need for trial and error or documentation lookups. This status code helps enforce the constraints of the REST architectural style and maintains the integrity of resource representations.