Example HTTP Response
HTTP/1.1 423 Locked
Content-Type: application/xml
<error><lock-token-submitted/></error>- WebDAV resource locked for editing
- File locked by another user
- Resource under exclusive access
What does this mean?
Someone else has the keys! This resource is locked by another process. Wait your turn!
Technical Definition
The resource that is being accessed is locked.
RFC Says
"The 423 (Locked) status code means the source or destination resource of a method is locked. This response SHOULD contain an appropriate precondition or postcondition code, such as 'lock-token-submitted' or 'no-conflicting-lock'."
Plain English:
423 means 'This resource is locked and you can't modify it right now.' This comes from WebDAV and is used when a resource has an exclusive lock. Someone (possibly you in another session) needs to release the lock before you can make changes.
Common Misinterpretation
Don't use 423 for general access control - use 403 for that. Use 423 only if you've implemented a proper locking mechanism (like WebDAV locks or pessimistic locking). For most REST APIs, optimistic locking with 409 or 412 is more appropriate than locks with 423.
Ready-to-use code for returning this HTTP status in your application:
// Express.js
app.get('/example', (req, res) => {
res.status(423).json({
error: 'Locked',
message: 'Your error message here'
});
});
// Native HTTP
const http = require('http');
http.createServer((req, res) => {
res.writeHead(423, { 'Content-Type': 'application/json' });
res.end(JSON.stringify({
error: 'Locked',
message: 'Your error message here'
}));
}).listen(3000);