A client sends the following to POST /account/register:

    {
        "username": "user123",
        "password": "pa55w0rd"
    }

The server attempts to create the new account but finds that the username is already taken.
What should the most appropriate HTTP status code response be?
I'm thinking 409 Conflict; however, that means the client is then aware that the username exists, which might be a security issue? Or is it simply a case of visibility based on the type of site, so it depends on the situation?
I'd suggest returning error 409 Conflict:

The request could not be completed due to a conflict with the current state of the resource. This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request.
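
The trade-off raised in the question, as an added example that is not part of the original question or answer: a registration handler that returns 409 for a taken username and caps how many attempts one client may make, so the 409 reply cannot be used for bulk username probing. The class name, the in-memory store, the 5-attempts-per-60-seconds budget and the 429 reply are assumptions made for this sketch.

```python
import hashlib
import os
import time
from collections import defaultdict, deque

# Assumed policy for this example: 5 registration attempts per client per 60 s.
MAX_ATTEMPTS = 5
WINDOW_SECONDS = 60


class RegistrationService:
    """In-memory stand-in (hypothetical) for the logic behind POST /account/register."""

    def __init__(self, clock=time.monotonic):
        self.accounts = {}                  # casefolded username -> (salt, password hash)
        self.attempts = defaultdict(deque)  # client id -> timestamps of recent attempts
        self.clock = clock

    def _throttled(self, client_id):
        now = self.clock()
        recent = self.attempts[client_id]
        # Drop attempts that have aged out of the sliding window.
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_ATTEMPTS:
            return True
        recent.append(now)
        return False

    def register(self, client_id, body):
        """Return (status_code, response_body) for one registration request."""
        if self._throttled(client_id):
            # Bounds how many usernames one client can test through 409 replies.
            return 429, {"error": "too many registration attempts"}
        username, password = body.get("username"), body.get("password")
        if not username or not password:
            return 400, {"error": "username and password are required"}
        key = username.casefold()  # "User123" must collide with "user123"
        if key in self.accounts:
            # 409: the client can resolve the conflict by picking another name.
            return 409, {"error": "username already taken"}
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
        self.accounts[key] = (salt, digest)
        return 201, {"username": username}
```

The client identifier would normally be derived from the source address or a session token; throttled and malformed requests are counted against the budget as well.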