How to handle a "no action required" HTTP response

Question

I have an angular application. When a user logs in, the application sends a username/token pair off to an API route on a .NET backend.

If the username/token pair doesn't exist, the .NET application adds it to the database and returns a Created() response.

However, if the pair does exist (and it likely will), then no action is required and nothing is Created(). In this case, what response should I return?

Alternate solution: I could run two requests against the API, one GET to see if the user/tokan pair exists and then a POST request if it does not, but that isn't as efficient, requires nested promises and is generally not as pretty. Maybe preferable anyway?

Answer 1

The response you want would be your choice as an API designer. I would probably do an Ok() response or NoContent() as long as the response isn't an error response.

Answer 2

RESTfull user sessions

Following on my previous answer (deleted now) but I thought I would share how I handle this case.

POST => 201 created

If you want to always start a new user session you should send a POST. The server yields 201 created if a new session can be started. It's up to you if there is a constraint on using duplicate tokens. This means, that the front-end only sends POST when it knows it's going to be a new session.

PATCH => 204 no content

If you have a user/token pair and that can be used to identify a user session resource on the server. You just need to PATCH it to continue the session. If the patch is success the server can send 204.

If the session is no longer valid. The server should yield 401 unauthorized response.

GET, EDIT

These requests yield a 403 forbidden since user sessions can not be modified by the front-end.

Don't confuse user registration and user login with user sessions. Those are different RESTfull resources with different URL end points.