29 January 2026
Composable Commerce
HTTP API
Enhancement
GraphQL
To comply with the GraphQL over HTTP specification, the GraphQL API now returns HTTP status code 400 Bad Request for queries containing invalid input. Previously, these queries returned 200 OK with errors in the response body.

This change improves observability by making it easier to detect and monitor invalid GraphQL queries. Monitoring tools can now flag these queries as errors based on the HTTP status code.

Queries that return an InvalidInput error are affected. This includes queries with values that exceed allowed limits, invalid argument values, or other input validation failures.
For example, specifying a limit value that exceeds the maximum allowed:
GraphQL query with limit value higher than allowed:

```graphql
{
  products(limit: 501) {
    results {
      id
    }
  }
}
```
GraphQL response with InvalidInput error and 400 Bad Request status code:

```json
{
  "data": null,
  "errors": [
    {
      "message": "Malformed parameter: limit: The limit parameter must be in the range of [0..500]",
      "path": ["products"],
      "locations": [{ "line": 2, "column": 3 }],
      "extensions": {
        "code": "InvalidInput"
      }
    }
  ]
}
```
Review your GraphQL client implementation to ensure it can correctly handle 400 Bad Request responses. If your application logic strictly expects a 200 OK status code to process GraphQL responses, your application might not work as expected.
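One way to make a client tolerant of this change is to classify each response from its status code and body together. The following is an added example, not code from the API or any SDK; the function names, outcome labels, and sample bodies are assumptions constructed for illustration, as is the assumption that errors with other codes can still arrive with a 2xx status.

```javascript
// Added example; function names are hypothetical and not part of any SDK.
// Classifies a GraphQL response from its HTTP status and body together,
// instead of assuming that every processable response is 200 OK.
function classifyGraphQLResponse(status, bodyText) {
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch {
    // A gateway or proxy can answer with HTML or plain text instead of GraphQL JSON.
    return { outcome: "non_graphql_response", status, data: null, codes: [], messages: [] };
  }
  const errors = (body && Array.isArray(body.errors) ? body.errors : [])
    .filter((e) => e && typeof e === "object");
  const codes = errors.map((e) => (e.extensions && e.extensions.code) || "Unknown");
  const messages = errors.map((e) => String(e.message));
  const data = body && body.data !== undefined ? body.data : null;

  if (status === 400 && codes.includes("InvalidInput")) {
    // New behaviour: the request is rejected, but the body still explains why.
    return { outcome: "invalid_input", status, data, codes, messages };
  }
  if (status >= 200 && status < 300) {
    // Assumption: errors with other codes can still arrive with a 2xx status.
    return { outcome: errors.length ? "graphql_errors" : "ok", status, data, codes, messages };
  }
  return { outcome: "http_error", status, data, codes, messages };
}

// Thin wrapper over a fetch-compatible function; reads the body for every status.
async function postGraphQL(fetchImpl, url, token, query) {
  const res = await fetchImpl(url, {
    method: "POST",
    headers: { "Content-Type": "application/json", Authorization: `Bearer ${token}` },
    body: JSON.stringify({ query }),
  });
  return classifyGraphQLResponse(res.status, await res.text());
}

// Constructed samples: the 400 body shown above (abbreviated) and a successful body.
const SAMPLE_INVALID_INPUT = JSON.stringify({
  data: null,
  errors: [{
    message: "Malformed parameter: limit: The limit parameter must be in the range of [0..500]",
    path: ["products"],
    extensions: { code: "InvalidInput" },
  }],
});
const SAMPLE_OK = JSON.stringify({ data: { products: { results: [{ id: "constructed-id" }] } } });
```

Logging the `outcome` and `codes` fields separately from the raw status keeps client-side input errors distinguishable from gateway or server failures in dashboards and alerts.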

Changes:

  • [GraphQL API] Changed HTTP status code from 200 OK to 400 Bad Request for queries with InvalidInput errors.