
---

# 📤 Response Models & Status Codes

> **Intent** → Guarantee that every API response has a **clear shape** and an **appropriate HTTP status code**.

---

## 🧾 Response Models

* Define **what the client sees** → hide internal details
* Enforce **consistent schema** across endpoints
* Use **different models** for:

  * Input (`EmployeeCreate`)
  * Output (`EmployeeOut`)
  * Messages (`Message`)
* Auto-documented in **Swagger/ReDoc**

---

## ⚡ Why Use Response Models

* Prevents leaking sensitive fields (passwords, tokens)
* Standardizes API responses → easier for frontend/mobile teams
* Adds **self-validating contracts** between client and server

---

## 🚦 Status Codes

* **200 OK** → Successful GET, PUT, DELETE (with response body)
* **201 Created** → New resource created (return representation or ID)
* **204 No Content** → Successful DELETE/PUT without body
* **400 Bad Request** → Invalid input (validation error, wrong params)
* **401 Unauthorized** → Missing/invalid credentials
* **403 Forbidden** → Valid user, but insufficient permissions
* **404 Not Found** → Resource does not exist
* **409 Conflict** → Resource already exists / state conflict
* **422 Unprocessable Entity** → Validation failed (Pydantic errors)
* **500 Internal Server Error** → Unexpected error (should be rare)

---

## ✅ Best Practices

* Always pair **response\_model** with the route → stable output
* Use **status\_code parameter** in decorators → explicit contracts
* Keep **errors structured**:

  ```json
  { "detail": "Employee not found" }
  ```
* Return **meaningful messages**, not just codes

---

## 🏁 Outcome

Clients get **predictable, validated responses** with the **right status codes**, making your API **trustworthy, self-documenting, and easy to consume**.

---
