HTTP 405 Error: Method Not Allowed

Understanding and resolving HTTP method errors.

The HTTP 405 "Method Not Allowed" error indicates that the HTTP method used in the request (GET, POST, PUT, DELETE, etc.) is not supported by the targeted resource. The server understands the request but refuses to execute it with this method.

This error is common during REST API development when route configuration is incorrect, or when a client uses the wrong method to interact with an endpoint. The server should include an "Allow" header listing the accepted methods.

For API monitoring, 405 generally signals a configuration problem rather than an outage. However, a sudden behavior change (an endpoint that accepted POST now returning 405) merits investigation.

Main causes of 405 errors

The 405 error can come from several sources. Here are the most common:

  • Wrong HTTP method: Using POST on an endpoint that only accepts GET, or sending DELETE when only PUT is allowed.
  • Routing configuration: The framework or web server has no route defined for this URL + method combination.
  • HTML form: The form's method attribute doesn't match what the server expects (e.g., GET instead of POST).
  • Server restriction: The web server (Apache, Nginx) may block certain methods globally or for specific directories.

HTTP methods explained

Understanding HTTP methods is essential for resolving 405 errors:

  • GET: Retrieves a resource. Should not modify server state. Can be cached.
  • POST: Creates a new resource or sends data. The request body contains the data.
  • PUT / PATCH: PUT replaces a resource completely, PATCH modifies it partially. Both are idempotent.
  • DELETE: Deletes a resource. Should be idempotent (deleting twice = same result).

Resolving 405 errors

Based on the identified cause, here are the solutions to apply:

  • Check documentation: Consult the API documentation to know which methods are accepted by each endpoint.
  • Examine Allow header: The 405 response should contain an Allow header listing accepted methods (e.g., "Allow: GET, POST").
  • Fix client code: Modify your code to use the correct method. In fetch() or axios, check the method parameter.
  • Configure server: If you control the server, add the missing method to routes or server configuration.

Configuration examples

Here are examples for properly handling HTTP methods:

// JavaScript - Specify method
fetch("/api/users/123", {
    method: "DELETE"  // or GET, POST, PUT, PATCH
});

// PHP Laravel - Define routes
Route::get("/users", [UserController::class, "index"]);
Route::post("/users", [UserController::class, "store"]);
Route::put("/users/{id}", [UserController::class, "update"]);
Route::delete("/users/{id}", [UserController::class, "destroy"]);

// Express.js - Multiple routes
app.route("/users/:id")
    .get(getUser)
    .put(updateUser)
    .delete(deleteUser);

Explicitly define accepted methods for each endpoint. Use REST conventions: GET to read, POST to create, PUT/PATCH to update, DELETE to remove.

Monitoring HTTP methods

MoniTao allows testing different HTTP methods:

  • Configure method: Select GET, POST, PUT, or DELETE in the monitor configuration depending on what you're testing.
  • Test endpoints: Create separate monitors for different methods on the same endpoint if needed.
  • Detect changes: A sudden 405 on a working endpoint signals a configuration change to investigate.
  • Check Allow header: In check details, verify the Allow header lists expected methods.

REST API checklist

  • GET for retrieving resources (read)
  • POST for creating new resources
  • PUT/PATCH for modifying existing resources
  • DELETE for removing resources
  • Allow header present in 405 responses
  • Documentation of accepted methods per endpoint

Frequently asked questions about HTTP 405

How do I know which methods are allowed on an endpoint?

The 405 response should contain an "Allow" header listing accepted methods. You can also send an OPTIONS request to discover supported methods.

What's the difference between PUT and PATCH?

PUT replaces the resource completely (send all fields). PATCH modifies partially (send only fields to change). Both are idempotent.

Why does my HTML form return 405?

Check the form's method attribute (

). HTML only supports GET and POST. For PUT/DELETE, use JavaScript or a _method field.

Does 405 affect SEO?

Not directly, as Googlebot mainly uses GET. However, if your public pages return 405 on GET, they won't be indexed.

How to handle methods not supported by HTML?

HTML forms only support GET and POST. For PUT/DELETE, use JavaScript fetch/axios, or add a hidden _method field that your framework interprets.

Can I allow all methods on an endpoint?

Technically yes, but it's discouraged for security. Only allow methods necessary for each endpoint's business logic.

Conclusion

The HTTP 405 Method Not Allowed error indicates an incompatibility between the method used and those accepted by the endpoint. Good API documentation and consistent REST conventions prevent most of these errors.

MoniTao lets you configure the HTTP method for each monitor, ensuring your REST endpoints respond correctly according to expected semantics. An unexpected 405 signals a configuration change to investigate immediately.

Useful Links

Ready to Sleep Soundly?

Start free, no credit card required.

Create My Account See pricing