Validation of a user registration request should return 200 or 400

Question

The client sends a perfectly valid request for a user registration, e.g. username & password.

The server finds out that the username is already taken. What's the correct return status - 200 with an error message, or 400? The spec says:

400 implies that something was wrong with the request. The HyperText Transfer Protocol (HTTP) 400 Bad Request response status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

But technically there's nothing wrong with the request.

Answer 1

What is 'wrong' is that the request was intended to create a new user, but that failed because the username was already taken. This is definitely in the category 'client error'. Rather than seeing 'client error' as 'there is a bug', it's better to think of it was 'for one reason or another the request failed, and it's up to the client to make a correction'.

A typical error code for this specific situation might be 409 Conflict.

If you sent back 200, the client should perceive the result as "My request completed successfully", which is definitely not the case here.