Just straight "400" ("Bad Request") or "403" ("Forbidden") would also probably be defensible. Odd that there aren't any error response codes specific to URI parameters.

Several options which seem like they might be appropriate aren't on close examination:

- "406" ("Not Acceptable") which is based on content-negotiation headers.

- "409" ("Conflict") which is largely for WebDAV requests.

- Others such as 411, 422, and 431 are also for specific conditions which aren't relevant here.

- 300 or 500 errors are inappropriate as this isn't a relocation or server-side failure, it's a client-side request problem.

Teapot or too long seem best bets.

I think either 400 or 404 would be fine. 400 because the request isn't in the expected format, 404 because a resource with that query string doesn't exist.

I shy from 404 because the resource itself may be valid, it's the query parameters which aren't acceptable. Returning 404 could result in some remote processes, particularly Web crawlers, incorrectly marking the base resource as unavailable, which may not be desirable.

Just fire off a 200 OK with text body of "499 Bad query string"

Im not making this up btw. A old NOC I woeked at emitted every error as 200 OK with the body message with the real error. They were a real shitshow.

> 409" ("Conflict") which is largely for WebDAV requests.

I’ve always used them in API servers when a client was POSTing to create a duplicate of a unique item.

I'm willing to pay them $1 for a contact guaranteeing that they won't service such requests. That would make 451 the most appropriate.

Of course they do. For example you can lower a string from the top to query the fill level. Or you can wrap a string around the pot to query the circumference.

But I’m not a teapot. I despise tea.

You would be a very sad teapot then. :(