What are the benefits of HTTP statuses compared to custom JSON based protocol?

An error code is an error code no matter how you return it. You will always have to check the response and interpret if what you got back is an error or not. So, at least conceptually, sending errors as HTTP status codes is the same as sending them in a JSON blob.

Practically though, they aren't the same. So many things are already built to understand HTTP codes that aren't built to understand your custom JSON errors. For example:

• Libraries. In .Net for example, HTTP response objects have a IsSuccessStatusCode property. It looks to see if the response code is in the 2xx range and returns true if it is. While checking for your own error codes here isn't a big deal if you are doing this yourself, any libraries that build on top of IsSuccessStatusCode aren't going to work properly for you. This could mean a lot more custom coding for you that you wouldn't have to do otherwise.
• Monitoring tools. I've used NewRelic to monitor my company's applications. It automatically understands that 2xx return codes are successes and 4xx and 5xx codes are errors and it can act on those appropriately (generate reports, send alert emails, etc.). As far as I know there isn't a way to get it to understand JSON errors the same way it understands HTTP error codes. If this is something you need (and if not, why aren't you monitoring your apps?), there's likely to be some custom coding involved or having to roll your own solution.
• Infrastructure. At jobs where I've used auto-scaling groups for our applications (in something like AWS for example), the load balancers and controllers all understand HTTP response codes. A 200 response on a health check endpoint means things are good, a 500 response means something is broken and a host might need to be replaced. Again, I believe there are ways of making some of these kinds of services understand the JSON responses. Some things might not. And if they don't and you need these services, you've got a problem on your hands.
• Browsers. Browsers understand and can handle HTTP response codes. They automatically redirect on 302s, can open challenge dialogs on 401s (sometimes), etc. They won't know what to do with your JSON responses, so you'll have to handle it all yourself.

I'm sure there are plenty of other examples of things you might use that understand HTTP codes that won't handle JSON errors as well.

One other thing to consider is designing for the principle of least surprise. Any developer with any experience with web apis is going to understand and expect HTTP response codes. If your api is meant to be consumed by 3rd parties, they will expect those codes as well. While having them use JSON errors isn't going to be a huge cognitive burden, it's just one more oddball thing that they have to deal with for your api. And one more thing they probably have to do some custom coding to consume your api (different error checking code and all that), which makes your api just a little more difficult to use.

Finally, I'd ask this. If there's already a well defined, well understood and well implemented standard that handles describing errors, why are you trying to re-invent the wheel? What significant advantage does your protocol give you that HTTP codes don't? Can you get that same benefit working within the HTTP spec and avoiding all that extra work?

This is one of those things that can turn into a holy war so the larger context of this answer is that you should focus on practical implications.

The main argument for using the HTTP status codes is that they are (mostly) well-defined and if you use them as defined, you don't need to communicate that information to the users of your services. From the client perspective, if you have to work with a bunch of APIs written by different people, it can be nice to not have to write code for every service provider's implementation. The question is whether these codes really deliver on that promise.

Some codes are readily understood. For example, 200 codes indicate success. That allows pretty much any library to treat non-200 codes as alternate paths. If you use 200 for everything, you have forced the caller to implement that themselves. Sure, you can do that and I've used ones that do. But why? I've never used such an API and thought: "Awesome! It returned a success code but I can see in the response that there's an error!" To be brutally honest, my first thought in those situations is "OK, here we go again. Another clown-town operation." Are you going to create your own code set and document them? As a client it really sucks to have parse message responses to try to determine what happened. I really don't see how this is an Occam's razor argument. Maybe the idea is that it's simple for you as the API author but you are putting burden on the clients. I'm not sure it's really simpler for you either.

On the other hand there are some codes that are highly contentious. 404 is 'not found' but does that mean you goofed up the endpoint path or that the resource referenced doesn't exist? There are strong opinions on both sides. But I don't think that means we throw the baby out with the bath water. Choose a side and document it. In addition, there are a lot of things that the standard HTTP codes can't convey. It's nearly guaranteed that you will need to build some customization into your responses for both success and errors.

You aren't going to make everyone happy but IMO not using return codes is a way to make most everyone (in your client base) unhappy. I don't know if you know much about the client base or not but I would also caution that there are a lot of developers that will assume that if you return 200 and their library doesn't throw an exception (or whatever), the call was successful.