Correct HTTP status code when POST xml is invalid? - web-services

What HTTP status code should I return when a POST request is made to my RESTful API but the content in the POST field (let's say an XML) is invalid?
I would like to build a proper RESTful web service so I want to know.
I am now returning 405 when an HTTP method not supported by a specific API is used, 200 when everything goes OK and 500 for all other errors (XML validation error etc.).
Thank you.

I would respond with 400
400 Bad Request
The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.

That's what status code 422 is for.
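The split the two answers above describe (400 for a body that is not well-formed XML, 422 for well-formed XML that fails validation), with 500 kept for real server faults, as an added example that is not part of the original posts. The `<user>` schema, field names and sample bodies are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ALLOWED_METHODS = {"POST"}            # assumption: the endpoint only accepts POST
REQUIRED_FIELDS = ("name", "email")   # assumption: hypothetical schema for <user>

# Constructed sample request bodies.
GOOD = b"<user><name>alice</name><email>a@example.com</email></user>"
MALFORMED = b"<user><name>alice</user>"          # mismatched closing tag
INVALID = b"<user><name>alice</name></user>"     # well-formed, <email> missing


def handle(method, body):
    """Return (status, payload) for a request to a hypothetical user endpoint."""
    if method not in ALLOWED_METHODS:
        return 405, {"error": "method not allowed", "allow": sorted(ALLOWED_METHODS)}
    try:
        return _create_user(body)
    except Exception:
        # Genuine server fault: generic body, details go to server logs only.
        return 500, {"error": "internal error"}


def _create_user(body):
    # Syntax check: the body is not well-formed XML -> 400.
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        line, column = exc.position
        return 400, {"error": "malformed XML", "line": line, "column": column}

    # Semantic check: well-formed XML that fails validation -> 422.
    problems = []
    if root.tag != "user":
        problems.append("root element must be <user>")
    for field in REQUIRED_FIELDS:
        if not (root.findtext(field) or "").strip():
            problems.append(f"missing or empty <{field}>")
    if problems:
        return 422, {"error": "validation failed", "details": problems}

    return 200, {"status": "ok", "name": root.findtext("name").strip()}
```

Keeping client input errors out of the 500 range also means a rise in 5xx responses in monitoring reflects actual server faults rather than bad requests.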

Related

Postman when testing POST returning Status 200 is body returns error

Is it possible that the status 200 is referring to the HTTP only? E.g. that it connected and authentication was correct but the POST business logic itself is wrong?
If so, what needs to be changed to have the status also return a 400 for a bad POST?
You can send only one status code, so either 200 or 400. You can send back a custom reply with code 200 and the error description in it if you want though.

How to set default response (example) in Postman

I have setup a mock server in Postman.
For a request X, I have added 2 examples (responses)
200 Success Response
400 Bad request
When I use x-mock-response-code I am able to get the appropriate response.
But when I don't use the x-mock-response-code, I am always getting 400 Bad Request. I am expecting 200 by default. But it's not happening.
Do I need to add something to the example response? I tried to change the example name to Default, but no use.
If your example requests are identical, Postman will deterministically return the response for one of them. There is no concept of 'default' examples at this time.
If you want a particular response to be returned, make sure your example requests are not identical and only one example request matches the request you are sending.
Or use the x-mock-response-code header as you are already doing.

What should be the http error code if authorization is passed for preflight request Options method?

I have a web service that requires authentication for GET requests. Now for the OPTIONS method we know that authentication is not required. But if someone still passes the authentication for the OPTIONS method, then what should be the HTTP error code that we should return?
Preflight requests are meant for the browser to go ahead with the actual request if the HTTP status code of OPTIONS is in the 2XX series.
So for most cases go ahead with any of the HTTP status codes 200, 204.
For more about CORS - https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

Which HTTP status to return on domain data error?

I'm developing a RESTful application that integrates with other webservices.
My question is, which HTTP status should I return if my client posts data that is invalid for one of those webservices? For example, if it posts a name that is invalid for a webservice that my application uses, which of the 4** status codes should I return, considering it's a user input error?
Some considerations I've made, and why I'm not comfortable using them:
400: The data is invalid, but not the request format itself
403: The server is not refusing to respond, although the data is invalid
406: The error is in a provided parameter, not in the "accept" header
412: The error has nothing to do with "If-Match" header
So, what would you use in this case?
Stick with 400, or have a look at 422 (which may be close to what you need).
In real life, HTTP status codes for REST and other web services can be vague and hard to clearly specify. Things also get interesting if your client is actually talking to a proxy server and that proxy sends back its own status. If there's a problem in your web service (perhaps below your app) you may just get 500.
In the past I would opt for returning 200 and using your own JSON-or-whatever structure for returning error information for your client.

What should be the response code when validation errors happen?

I'm implementing an API. The API accepts/returns JSON content type.
Now, suppose that the data submitted by some POST request is not valid, like a missing attribute, or a duplication exists for the same data.
What is the standard HTML response code in that case?
The error lies on the client side, so you want to use a 4xx status code. I'd go with 400 - Bad Request:
The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.
There are two answers:
If you have submitted a form, just return 200 - OK with HTML explaining why the object was not created.
If you have an API you should use the following
200 OK
When the request was OK and returned the proper data.
201 CREATED
The call was successful and the new object created.
400 BAD REQUEST
Invalid request URI
Invalid HTTP Header
Receiving an unsupported, nonstandard parameter
Receiving an invalid HTTP Message Body
401 UNAUTHORIZED
Authorization problems. E.g. wrong API key, etc.
403 FORBIDDEN
Properly authorized, but not allowed.
404 NOT FOUND
The resource does not exist (e.g. on Read or Update)
405 METHOD NOT ALLOWED
Use in situations that a given REST method is not allowed. E.g. a POST on a single resource, or a DELETE on the entire collection of resources.
409 CONFLICT
When an update fails, send "Conflict" to allow the client side to resolve the conflict themselves and retry.
500 INTERNAL SERVER ERROR
Internal error. This is the default code that is used for all unrecognized errors.
501 NOT IMPLEMENTED
Use for expected, but not yet implemented features.
The closest I can find would be 400 Bad Request.
As Ariejan said, you should base your API on the HTTP codes already defined. If you want to send an error message, the best way should be not to use the HTTP message, but rather to include the message in the response body, JSON formatted.
422 Unprocessable Entity (see RFC 4918, Section 11.2)