I have an Angular application. When a user logs in, the application sends a username/token pair off to an API route on a .NET backend.
If the username/token pair doesn't exist, the .NET application adds it to the database and returns a Created() response.
However, if the pair does exist (and it likely will), then no action is required and nothing is Created(). In this case, what response should I return?
Alternate solution: I could run two requests against the API, one GET to see if the user/token pair exists and then a POST request if it does not, but that isn't as efficient, requires nested promises and is generally not as pretty. Maybe preferable anyway?
To fix an HTTP status code error, refer to the documentation for your server or hosting provider. The server should return a status code in the 200s for all valid URLs or a status code in the 300s for a resource that has moved to another URL.
Sometimes an HTTPS response contains an empty content when using the OpenEdge HTTP client. Sometimes an HTTPS response contains an incomplete content when using the OpenEdge HTTP client. Sometimes an HTTPS response only contains the HTTP Header when using the OpenEdge HTTP client.
HTTP status codes and the error message can give you a clue. In general, a 5xx status code can be retried, a 4xx status code should be checked first, and a 3xx or 2xx code does not need to be retried.
The response you want would be your choice as an API designer. I would probably do an Ok() response or NoContent() as long as the response isn't an error response.
Following on from my previous answer (now deleted), I thought I would share how I handle this case.
If you want to always start a new user session you should send a POST. The server yields 201 created if a new session can be started. It's up to you if there is a constraint on using duplicate tokens. This means that the front-end only sends POST when it knows it's going to be a new session.
If you have a user/token pair that can be used to identify a user session resource on the server, you just need to PATCH it to continue the session. If the patch is successful, the server can send 204.
If the session is no longer valid, the server should yield a 401 unauthorized response.
These requests yield a 403 forbidden since user sessions cannot be modified by the front-end.
Don't confuse user registration and user login with user sessions. Those are different RESTful resources with different URL endpoints.
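
A minimal in-memory model of the session flow described in the answer above, added here as an example and not code from the post. `SessionStore`, `handle`, `sameToken` and `TTL_MS` are hypothetical names; it assumes the token was already verified at login, and that every method other than POST and PATCH counts as a forbidden modification (the answer does not list which requests it means).

```typescript
// Added example; all names and the 15-minute lifetime are assumptions.
type Session = { token: string; expiresAt: number };

const TTL_MS = 15 * 60 * 1000; // assumed session lifetime

// Compare tokens without stopping at the first differing character.
function sameToken(a: string, b: string): boolean {
  const n = Math.max(a.length, b.length);
  let diff = a.length ^ b.length;
  for (let i = 0; i < n; i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

class SessionStore {
  private sessions = new Map<string, Session>();

  // Returns the HTTP status for one request against a user's session resource.
  // The lookup and the write happen in one call, so no state can change
  // between a separate "does it exist?" request and the follow-up write.
  handle(method: string, user: string, token: string, now: number): number {
    if (method === "POST") {
      // Start a new session; an earlier session for this user is replaced.
      this.sessions.set(user, { token, expiresAt: now + TTL_MS });
      return 201;
    }
    if (method === "PATCH") {
      const s = this.sessions.get(user);
      if (!s || s.expiresAt <= now) {
        this.sessions.delete(user); // drop expired state
        return 401;
      }
      // A wrong token is rejected but leaves the real session untouched.
      if (!sameToken(s.token, token)) return 401;
      s.expiresAt = now + TTL_MS; // continue the session
      return 204;
    }
    return 403; // assumption: every other method is a forbidden modification
  }
}
```

Time is passed in as `now` (milliseconds) so the expiry path can be exercised without waiting.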