diff --git a/core/modules/jsonapi/src/Normalizer/HttpExceptionNormalizer.php b/core/modules/jsonapi/src/Normalizer/HttpExceptionNormalizer.php
index 7737ce00cf82e49bee2a76f4f5199c853b7c2ab1..461381581515d9e15fb55023ce67cd553a42b7a1 100644
--- a/core/modules/jsonapi/src/Normalizer/HttpExceptionNormalizer.php
+++ b/core/modules/jsonapi/src/Normalizer/HttpExceptionNormalizer.php
@@ -87,7 +87,7 @@ protected function buildErrorObjects(HttpException $exception) {
     // Exceptions thrown without an explicitly defined code get assigned zero by
     // default. Since this is no helpful information, omit it.
     if ($exception->getCode() !== 0) {
-      $error['code'] = $exception->getCode();
+      $error['code'] = (string) $exception->getCode();
     }
     if ($this->currentUser->hasPermission('access site reports')) {
       // The following information may contain sensitive information. Only show
diff --git a/core/modules/jsonapi/tests/src/Unit/Normalizer/HttpExceptionNormalizerTest.php b/core/modules/jsonapi/tests/src/Unit/Normalizer/HttpExceptionNormalizerTest.php
index b85f58e10e95c3cdb3136861b358b6730caf6b41..1e43522591e2d06d6f75d68d6d5e60c71901d47f 100644
--- a/core/modules/jsonapi/tests/src/Unit/Normalizer/HttpExceptionNormalizerTest.php
+++ b/core/modules/jsonapi/tests/src/Unit/Normalizer/HttpExceptionNormalizerTest.php
@@ -36,8 +36,8 @@ public function testNormalize() {
     $error = $normalized[0];
     $this->assertNotEmpty($error['meta']);
     $this->assertNotEmpty($error['source']);
-    $this->assertEquals(13, $error['code']);
-    $this->assertEquals(403, $error['status']);
+    $this->assertSame('13', $error['code']);
+    $this->assertSame('403', $error['status']);
     $this->assertEquals('Forbidden', $error['title']);
     $this->assertEquals('lorem', $error['detail']);
     $this->assertArrayHasKey('trace', $error['meta']);