I have seen the list of all HTTP status codes. However, to me it looks like there is no code for "email not verified" (used for authentication/authorization). Did you ever have the same "problem"? What HTTP status code did you use?
I guess it should be a code starting with a 4 as it's a "client error".
Status Code 200 – This is the standard “OK” status code for a successful HTTP request. The response that is returned is dependent on the request. For example, for a GET request, the response will be included in the message body.
When a browser requests a service from a web server, an error might occur, and the server might return an error code like "404 Not Found". It is common to name these errors HTML error messages. But these messages are something called HTTP status messages. In fact, the server always returns a message for every request.
Creating your own exception classes
Important: An uncaught exception in your application results in an HTTP 503 error from your Cloud Endpoints API, unless it extends com.google.api.server.
The 4xx class of status code is intended for situations in which the client seems to have erred:
6.5. Client Error 4xx
The 4xx (Client Error) class of status code indicates that the client seems to have erred. Except when responding to a HEAD request, the server SHOULD send a representation containing an explanation of the error situation, and whether it is a temporary or permanent condition. These status codes are applicable to any request method. User agents SHOULD display any included representation to the user.
For authentication and authorization, 401 and 403 are the proper status codes to be used, respectively. Regardless of the status code, you should always describe the reason for the error in the response payload.
401 Unauthorized
Use this status code for problems with HTTP authentication, that is, invalid credentials.
3.1. 401 Unauthorized
The 401 (Unauthorized) status code indicates that the request has not been applied because it lacks valid authentication credentials for the target resource. The server generating a 401 response MUST send a WWW-Authenticate header field containing at least one challenge applicable to the target resource.
If the request included authentication credentials, then the 401 response indicates that authorization has been refused for those credentials. The user agent MAY repeat the request with a new or replaced Authorization header field. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user agent SHOULD present the enclosed representation to the user, since it usually contains relevant diagnostic information.
403 Forbidden
Use this status code for problems with authorization, that is, the credentials are valid but they are insufficient to grant access.
6.5.3. 403 Forbidden
The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any).
If authentication credentials were provided in the request, the server considers them insufficient to grant access. The client SHOULD NOT automatically repeat the request with the same credentials. The client MAY repeat the request with new or different credentials. However, a request might be forbidden for reasons unrelated to the credentials. [...]
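The 401/403 split described in the answer above, as an added example that is not part of the original question or answer. It assumes HTTP Basic authentication and treats "email not verified" as the 403 case (valid credentials, insufficient to grant access); `USERS`, `CHALLENGE` and `authorize` are hypothetical names and the accounts are constructed sample data.

```python
import base64
import hmac
import json

# Constructed sample accounts (assumption, not from the page). A real service
# stores password hashes, never plaintext passwords.
USERS = {
    "alice": {"password": "correct-horse", "email_verified": True},
    "bob": {"password": "battery-staple", "email_verified": False},
}
CHALLENGE = 'Basic realm="api", charset="UTF-8"'


def _parse_basic(header):
    """Return (user, password) from an Authorization header, or None if unusable."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def _reply(status, body, extra=None):
    headers = {"Content-Type": "application/json", **(extra or {})}
    return status, headers, json.dumps(body)


def authorize(request_headers):
    """Map a request to (status, headers, body) following the 401/403 split."""
    creds = _parse_basic(request_headers.get("Authorization"))
    account = USERS.get(creds[0]) if creds else None
    expected = account["password"] if account else ""
    supplied = creds[1] if creds else ""
    # Unknown user and wrong password get the same 401, so the response does
    # not reveal which usernames exist.
    matches = hmac.compare_digest(supplied.encode(), expected.encode())
    if account is None or not matches:
        # 401 MUST carry a WWW-Authenticate challenge.
        return _reply(401, {"error": "invalid_credentials"},
                      {"WWW-Authenticate": CHALLENGE})
    if not account["email_verified"]:
        # Credentials are valid but insufficient: 403, reason in the payload.
        return _reply(403, {"error": "email_not_verified",
                            "detail": "Verify your e-mail address first."})
    return _reply(200, {"user": creds[0]})
```

The 403 body names the reason so a client can prompt for verification instead of retrying the same credentials.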