This is definitely a 4xx error, as the information provided by the client is the source of the problem.
Since we are dealing with a semantic problem, the HTTP 1.1 WebDAV code 422 is the best response code:
422 Unprocessable Entity (WebDAV)
The 422 (Unprocessable Entity) status code means the server understands the content type of the request entity (hence a 415 (Unsupported Media Type) status code is inappropriate), and the syntax of the request entity is correct (thus a 400 (Bad Request) status code is inappropriate), but it was unable to process the contained instructions. For example, this error condition may occur if an XML request body contains well-formed (i.e., syntactically correct), but semantically erroneous, XML instructions.
Of course, do not leave your client guessing: make sure you explain in the response body why the error occurred.
Now let us discuss why the other codes do not fit: first the three most confusing ones, then the rest:
400 Bad Request: The request could not be understood by the server due to incorrect syntax. The client SHOULD NOT repeat the request unchanged. - The syntax is fine (the request is well-formed). The error is semantic (the company does not exist). In addition, the client can repeat the request without changes at some other time (after the company has been added), and it can work. So not 400.
403 Forbidden: The server understood the request, but refuses to fulfill it. Authorization will not help, and the request MUST NOT be repeated. - This is usually issued when the client is authenticated but does not have permission (write, read, or other) on the requested resource. Not 403.
404 Not Found: The server did not find anything matching the Request-URI. - Note that the error relates to the Request-URI, which identifies the user. This response should be sent if the user (the one in the URI) does not exist, not the company.
And others:
401 Unauthorized: The request requires user authentication. - No need to argue here.
402 Payment Required: This code is reserved for future use. - Not here.
405 Method Not Allowed: This is not about the HTTP method (GET, PUT, etc.).
406 Not Acceptable: This relates to the Accept headers.
407 Proxy Authentication Required: Relates to a proxy server.
408 Request Timeout: Obviously not.
409 Conflict: The request could not be completed due to a conflict with the current state of the resource. - The current (previously saved) resource (the user's company) is fine on the server. Any new company is acceptable; there can be no conflict between the new and the current company, since the new one will always overwrite the current one.
410 Gone: The requested resource is no longer available on the server, and the forwarding address is not known. - Nothing in common.
411 Length Required: This is about the Content-Length header.
412 Precondition Failed: This is about request header fields.
413 Request Entity Too Large: The size of the entity is not the issue.
414 Request-URI Too Long: Nor is the size of the URI.
415 Unsupported Media Type: The entity in the request is OK (the server knows JSON).
416 Requested Range Not Satisfiable: This is about the Range request header.
417 Expectation Failed: This is about the Expect request header.
423 Locked (WebDAV): The 423 (Locked) status code means that the source or destination resource of a method is locked. - Nothing is locked here.
424 Failed Dependency (WebDAV): The 424 (Failed Dependency) status code means that the method could not be performed on the resource because the requested action depended on another action and that action failed. - There is no sequence of actions in the current context.
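The decision order argued above, as an added example that is not part of the original answer. The function name, the in-memory USERS and COMPANIES data and the JSON field name "company" are assumptions made for illustration; treating a body without a string "company" field as 422 is also this example's own choice.

```python
import json

# Constructed sample state (hypothetical): known users and known companies.
USERS = {"alice": {"company": "acme"}}
COMPANIES = {"acme", "globex"}


def put_user(user_id, content_type, raw_body):
    """Return (status, body) for PUT /users/<user_id> carrying a JSON entity."""
    # 404 is about the Request-URI, which names the user, not the company.
    if user_id not in USERS:
        return 404, {"error": "user not found", "user": user_id}

    # 415: the server does not understand the media type of the entity.
    media_type = content_type.split(";")[0].strip().lower()
    if media_type != "application/json":
        return 415, {"error": "expected application/json"}

    # 400: the entity is syntactically malformed.
    try:
        doc = json.loads(raw_body)
    except ValueError:  # JSONDecodeError and UnicodeDecodeError are subclasses
        return 400, {"error": "body is not valid JSON"}

    # 422: well-formed JSON whose instructions cannot be processed.
    # The body says why, so the client is not left guessing.
    company = doc.get("company") if isinstance(doc, dict) else None
    if not isinstance(company, str):
        return 422, {"error": "missing string field", "field": "company"}
    if company not in COMPANIES:
        return 422, {"error": "company does not exist",
                     "field": "company", "value": company}

    USERS[user_id]["company"] = company
    return 200, {"user": user_id, "company": company}
```
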