A 409 error code means your request conflicts with the resource’s current state, so the server won’t apply the change as sent.
A 409 is one of those responses that feels rude until you realize it’s doing you a favor. The server is telling you it understood the request, but applying it right now would create a clash.
This page walks you through what the 409 Error Code is, why it shows up, and the fixes that tend to work in real apps. You’ll get quick checks for regular users, then deeper steps for developers who own the endpoint.
What A 409 Conflict Means In Plain English
In HTTP, 409 maps to “Conflict.” The request is valid, but it collides with the current state of the target resource. That state could be a record in a database, a file in a repo, a cart in an ecommerce system, or a document you’re editing with someone else.
Think of it as the server saying, “I can’t accept that exact change because it doesn’t match what exists right now.” It’s a state problem.
Where You’ll See It Most
- Updating A Resource — You send a PUT/PATCH based on an older copy, and the server sees a newer version already saved.
- Creating A Duplicate — You POST something that must be unique (email, slug, order number), and that value already exists.
- Merging Or Writing Files — Git and file APIs reject a write when the base revision changed, or when the merge can’t be applied cleanly.
- Workflow State Collisions — You try to cancel an order that already shipped, or refund a charge that’s already refunded.
The HTTP spec keeps the definition broad on purpose. Each API can define what “conflict” means for its own rules, but the theme stays the same: your request and the server’s current truth don’t line up.
Fixing A 409 Conflict On Websites And APIs
If you’re seeing a 409 in a browser, it can feel random. In many cases, it’s just stale state in the page, a cached request, or a form being submitted twice.
Fast Checks For Everyday Users
- Reload The Page — Refresh to pull the latest version of the resource before you retry the action.
- Retry Once, Slowly — Double clicks and back-button resubmits can fire two requests; wait for one to finish.
- Sign Out And Back In — A token refresh can resync state when a session is half-expired or out of sync.
- Clear Site Data For That Domain — Remove cached data and cookies for the site, then try again with a clean state.
- Try A Private Window — Incognito mode skips extensions and uses fresh storage, which can rule out local interference.
If the action involves a shared item, open it in a new tab and confirm it still matches what you’re trying to do. A 409 often pops when the item changed between “open” and “save.”
Common 409 Conflict Triggers You Can Recognize
When you can name the trigger, the fix becomes less guessy.
| What’s Clashing | Where It Shows Up | Move That Often Works |
|---|---|---|
| Stale version | Docs, profiles, tickets | Fetch latest, reapply edits |
| Duplicate unique field | Signups, slugs, SKUs | Pick a new value, retry |
| State mismatch | Orders, refunds, bookings | Re-check status, then act |
| Concurrent writers | Queues, inventory, carts | Retry with backoff |
| Revision drift | Git, content APIs | Pull latest sha, retry write |
Stale Edits And Version Drift
This is the classic: you load “version A,” you edit for a while, then you save. Someone else saved “version B” in the middle. The server blocks your write so it doesn’t silently overwrite newer data.
Many APIs solve this with version checks using ETags, plus preconditions like If-Match. If you don’t send the version token the server expects, it can reject the write so the client refreshes first.
Duplicates And Retry Collisions
Some endpoints treat a second “create” as a conflict, especially when the client retries without an idempotency token. You’ll see this when the first request actually succeeded, but the response got lost, so the client repeats the create.
In checkout flows, a 409 can show up when an order number, coupon, or inventory reservation already exists and can’t be reserved twice.
Workflow State Collisions
Apps that model rules as states often use 409 to block actions that don’t fit the current state. Canceling an already shipped order is a conflict. Editing a closed ticket is a conflict. Booking a time slot that was taken seconds ago is a conflict.
409 Error Code Troubleshooting Checklist
This checklist is written for people who can reproduce the issue and want to get it fixed without guesswork. Work top to bottom. Stop once the 409 disappears and stays gone.
- Capture The Full Response — Note the URL, method, status, and the response body since APIs often explain the conflict in JSON.
- Confirm The Resource — Verify the ID in the path, then confirm you’re not mixing staging and production hosts.
- Fetch The Latest Version — GET the resource again right before the write, then apply your changes to that fresh copy.
- Check For A Version Token — Look for an ETag header or a revision field, then send it back with If-Match or the API’s concurrency field.
- Search For Duplicate Creates — Check logs for a prior successful POST, then add an idempotency token or switch to PUT with a client-generated ID.
- Look For Competing Writers — See if a job runner, webhook, or another client updates the same record at the same time.
- Retry With Backoff — If the conflict is timing-related, retry after a short delay and add jitter so clients don’t collide again.
- Return A Clear Message — Show what changed and how to recover, like “This item was updated in another tab. Reload to continue.”
Developer Fixes That Stop Repeat Conflicts
If you own the endpoint, your goal is simple: keep data safe, keep clients from guessing, and make the conflict resolvable. A 409 Error Code is not “bad,” but a vague 409 is a time sink.
Use ETags For Optimistic Concurrency
ETags give clients a way to prove they’re updating the version they last read. When the tag doesn’t match, reject the write and return details so the client can refresh and retry.
- Return An ETag — Send an ETag on GET responses for versioned resources.
- Require If-Match — Ask clients to include If-Match on PUT/PATCH for safe updates.
- Explain The Mismatch — Include an error body that names the stale version or the conflicting field.
Add Idempotency For Creates
Conflicts from duplicate creates often come from retries. If you accept payment, create orders, or fire side effects, idempotency tokens help keep retries safe.
- Accept An Idempotency Token — Store the token with the created resource or response signature.
- Return The Prior Result — On a repeated token, respond with the original success payload.
- Set A Retention Window — Keep tokens long enough to cover real retry behavior from clients and gateways.
Choose 409 Vs 412 With A Single Rule
Not every “version mismatch” needs to be a 409. If your API requires a precondition header and it fails, 412 (Precondition Failed) can be a cleaner signal. Many teams still use 409 for both cases, so the win is consistency and a clear message.
Make Merge Conflicts Actionable
Git-flavored 409s show up when the server can’t merge changes cleanly, or when the file you’re updating is based on an older sha. If the client can resolve it, return the latest sha and the conflicting areas. If the client can’t, give a direct next step, like “pull, merge, push, then retry.”
How To Keep 409s From Coming Back
Once the immediate fire is out, a little prevention work saves hours later.
Design Client Flows Around Fresh Reads
- Refresh Before Save — Re-fetch the resource when an edit screen has been open for a while.
- Warn On Multi-Tab Editing — Detect the same user editing the same item in two tabs and prompt them to close one.
- Show What Changed — If a conflict happens, show a diff or show the fields that changed since the last read.
Handle Retries Like A First-Class Feature
- Use Backoff And Jitter — Randomize retry timing so concurrent clients don’t collide again.
- Keep Writes Small — Make write requests tight so the window for collisions is shorter.
- Log Conflict Details — Capture version numbers and callers so you can see which flows trigger conflicts.
Point Readers To Canonical Definitions
If you’re writing internal docs, link the team to the shared meaning of 409 Conflict, then add your API’s own rules on top. These two references are a solid starting point:
- Read The HTTP Spec Entry — Use the RFC 9110 section for 409 Conflict as the baseline definition.
- Check The MDN Reference — Use MDN’s 409 Conflict page for developer-friendly wording and examples.
When the message is clear and the recovery path is baked into the UI, a 409 stops being a blocker. It becomes a guardrail that prevents overwrites and duplicates.