423 Locked
HTTP response status code 423 Locked is a client error returned by the server to indicate the target file or folder is locked.
Usage
The 423 Locked error is part of WebDAV, which is used as a file system over HTTP. Clients have the option to LOCK or UNLOCK files, and if a client attempts to modify a locked resource, the server returns this error.
When a lock is first granted by a server, the Lock-Token response header is sent to the client, usable later to unlock the resource or refresh the lock.
As part of the response, the server includes an appropriate precondition or post-condition code to help guide the client. This might include lock-token-submitted or no-conflicting-lock.
Outside WebDAV, some platforms reuse 423 to signal account-level lockouts. The Shopify API returns 423 Locked when a shop is locked due to repeated API rate limit violations or an outstanding account balance. The shop owner must resolve the issue through the Shopify partner dashboard before API access is restored. This usage has no relation to file locking.
SEO impact
Search engines like Google will not index a URL with a 423 Locked response status. URLs previously indexed returning this status code will be removed from search results.
Example
The client attempts to upload a file to the target folder. The folder is locked, so the operation is not allowed and the 423 Locked error is returned.
In the subsequent request, the client asks that the resource be unlocked by including the Lock-Token as part of the If request header.
The request succeeds because there was only one lock on the folder at the time. A successful UNLOCK only means the lock referred to by the specified Lock-Token has been removed. Any other locks remain in effect and cause 423 Locked to be returned again.
Initial request
PUT /documents/ HTTP/1.1
Host: www.example.re
Content-Type: application/pdf
Content-Length: 10000

<PDF file transferred>
Initial response
HTTP/1.1 423 Locked
Content-Type: application/xml
Content-Length: 163

<?xml version="1.0" encoding="utf-8" ?>
<d:error xmlns:d="DAV:">
  <d:lock-token-submitted>
    <d:href>/documents/</d:href>
  </d:lock-token-submitted>
</d:error>
Second request, incorporating unlock request
PUT /documents/ HTTP/1.1
Host: www.example.re
Content-Type: application/pdf
Content-Length: 10000
If: (<urn:uuid:123…789>)

<PDF file transferred>
Final response
HTTP/1.1 204 No Content
How to fix
Check the response body for the precondition code. A lock-token-submitted error means the request lacked the required lock token. A no-conflicting-lock error means another lock prevents access.
If the lock belongs to the same client session, include the Lock-Token value in an If request header and re-send the request. The server validates the token and allows the modification.
If a different user or process holds the lock, wait for the lock to expire or contact the lock owner. Lock timeouts are configurable on the WebDAV server. Review the Timeout header value returned when the lock was originally granted to determine how long the lock persists.
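The decision described above (read the precondition code, then either retry with the token in an If header or wait) can be sketched as follows. This is an added example, not code from the original page or from any WebDAV library; `parse_dav_error`, `plan_retry`, the `held_tokens` mapping and the sample token are hypothetical names and constructed values, and response bodies are assumed to be UTF-8.

```python
import xml.etree.ElementTree as ET

DAV = "{DAV:}"  # ElementTree's spelling of the DAV: namespace

def parse_dav_error(body: bytes):
    """Return [(precondition_name, [hrefs])] from a DAV:error response body."""
    text = body.decode("utf-8")  # assumption: UTF-8 bodies only; others raise
    # The body is server-controlled input: refuse DTDs so entity-expansion
    # payloads never reach the parser.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD not allowed in DAV:error body")
    root = ET.fromstring(text)
    if root.tag != DAV + "error":
        raise ValueError("not a DAV:error document")
    conditions = []
    for cond in root:
        name = cond.tag[len(DAV):] if cond.tag.startswith(DAV) else cond.tag
        hrefs = [h.text.strip() for h in cond.iter(DAV + "href") if h.text]
        conditions.append((name, hrefs))
    return conditions

def plan_retry(status: int, body: bytes, held_tokens: dict):
    """held_tokens maps resource path -> lock token URI this client was granted."""
    if status != 423:
        return {"action": "none"}
    for name, hrefs in parse_dav_error(body):
        if name != "lock-token-submitted":
            continue
        for href in hrefs:
            token = held_tokens.get(href)
            if token is None:
                continue
            # The token is copied into a request header: reject delimiters and
            # whitespace so a corrupted value cannot inject header content.
            if any(c in token for c in "<>()\r\n\t "):
                raise ValueError("unsafe lock token")
            return {"action": "retry", "headers": {"If": f"(<{token}>)"}}
    # no-conflicting-lock, or a lock this client does not own
    return {"action": "wait"}

# Constructed sample: the 423 body from the example on this page.
SAMPLE_BODY = b"""<?xml version="1.0" encoding="utf-8" ?>
<d:error xmlns:d="DAV:">
  <d:lock-token-submitted>
    <d:href>/documents/</d:href>
  </d:lock-token-submitted>
</d:error>"""
# Constructed placeholder token, not a value from the page.
SAMPLE_TOKEN = "urn:uuid:00000000-0000-4000-8000-000000000000"
```

Calling `plan_retry(423, SAMPLE_BODY, {"/documents/": SAMPLE_TOKEN})` yields a retry plan whose If header has the same shape as the second request in the example above.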
For SharePoint and Office Online environments, files locked by desktop applications remain locked until the application closes or a configurable timeout elapses. An administrator releases stale locks through the SharePoint management interface.
Send an UNLOCK request with the matching Lock-Token to explicitly release a lock. A successful unlock removes only the specified lock. Other locks on the same resource remain active and continue to trigger this error.
On the server side, set reasonable lock timeouts to prevent abandoned locks from blocking other clients indefinitely. The WebDAV specification recommends servers enforce timeout limits rather than granting infinite locks.
For Shopify API consumers, a 423 means the shop itself is locked. Resolve any outstanding balance through the partner dashboard or contact Shopify support to restore API access.
Code references
.NET
HttpStatusCode.Locked
Rust
http::StatusCode::LOCKED
Rails
:locked
Go
http.StatusLocked
Symfony
Response::HTTP_LOCKED
Python 3.5+
http.HTTPStatus.LOCKED
Apache HttpComponents Core
org.apache.hc.core5.http.HttpStatus.SC_LOCKED
Angular
@angular/common/http/HttpStatusCode.Locked
Takeaway
The 423 Locked status code is a client error generated by the server when conflicting access is required to a locked resource. The client can try again once the resource is unlocked, which happens either when the client unlocks the resource itself or when the lock timer expires.
See also
- RFC 4918: HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)
- 424
- HTTP status codes