 

REST API: HTTP Status code for auth violation

Tags: rest, http

I'm implementing a REST API and the auth module is based on JWT. Here below are the HTTP status codes I've defined for it:

  • Request without auth token: 401 UNAUTHORIZED
  • Auth token expired: 410 UNAUTHORIZED
  • Auth token does not contain required claims: 403 FORBIDDEN
  • Auth violated (i.e. token was tampered with): ???

In case of token tampering, what HTTP status code should I use? 401 (UNAUTHORIZED) or 417 (EXPECTATION_FAILED)?

j3d asked Oct 21 '22 11:10

1 Answer

How can you tell if the token was tampered with? It seems to me that you can only know if it's correct or incorrect. Somebody trying to use an invalid token would seem to me to be UNAUTHORIZED. EXPECTATION_FAILED refers specifically to the Expect header, which doesn't seem appropriate here.

Eric Stein answered Oct 23 '22 01:10
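The following is an added example, not code from the question or the answer above, showing why the answer's point holds in practice: a JWT verifier only learns whether the signature verifies, so a tampered payload, a forged signature and a garbled token all end up in the same "invalid signature" branch and get 401. The example implements HS256 verification with only the Python standard library and maps each failure to a status code following RFC 6750 (401 with `WWW-Authenticate: Bearer error="invalid_token"` for missing, malformed, unverifiable or expired tokens; 403 with `error="insufficient_scope"` for tokens that verify but lack required claims). The signing secret, the required claims, and the helper names (`sign_jwt`, `status_for_request`, `tamper_payload`, `www_authenticate_header`) are constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed for the example; a real service loads its key from a secret store.
SECRET = b"example-signing-key-not-for-production"
# Claims the API requires before it will serve a request (assumption for the example).
REQUIRED_CLAIMS = ("sub", "scope")


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_b64(obj) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def sign_jwt(claims: dict, secret: bytes = SECRET) -> str:
    """Mint an HS256 JWT in compact serialization (header.payload.signature)."""
    signing_input = _json_b64({"alg": "HS256", "typ": "JWT"}) + "." + _json_b64(claims)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def tamper_payload(token: str, **changes) -> str:
    """Simulate an attacker editing claims while keeping the original signature."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(payload_b64))
    claims.update(changes)
    return ".".join([header_b64, _json_b64(claims), sig_b64])


def status_for_request(authorization: Optional[str], now: Optional[float] = None,
                       secret: bytes = SECRET) -> Tuple[int, str]:
    """Map an Authorization header value to (HTTP status, reason).

    The server never learns *why* a signature fails: tampering, forgery and
    corruption are indistinguishable, so they share one 401 outcome."""
    now = time.time() if now is None else now
    if not authorization or not authorization.startswith("Bearer "):
        return 401, "missing bearer token"
    parts = authorization[len("Bearer "):].split(".")
    if len(parts) != 3:
        return 401, "malformed token"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        presented_sig = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return 401, "malformed token"
    # Pin the algorithm server-side; never let the token's header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return 401, "invalid signature"
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, presented_sig):
        return 401, "invalid signature"
    # Only after the signature verifies are the claims worth parsing.
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return 401, "malformed token"
    if not isinstance(claims, dict):
        return 401, "malformed token"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        return 401, "missing exp"
    if exp <= now:
        return 401, "token expired"
    missing = [c for c in REQUIRED_CLAIMS if c not in claims]
    if missing:
        return 403, "missing claims: " + ", ".join(missing)
    return 200, "ok"


def www_authenticate_header(status: int, reason: str) -> Optional[str]:
    """Challenge header per RFC 6750 section 3; None when the request succeeds."""
    if status == 401:
        return "Bearer" if reason == "missing bearer token" else 'Bearer error="invalid_token"'
    if status == 403:
        return 'Bearer error="insufficient_scope"'
    return None


if __name__ == "__main__":
    now = 1_700_000_000
    good = sign_jwt({"sub": "alice", "scope": "read", "exp": now + 600})
    for label, header in [("valid", "Bearer " + good),
                          ("tampered sub", "Bearer " + tamper_payload(good, sub="admin")),
                          ("no token", None)]:
        status, reason = status_for_request(header, now=now)
        print(f"{label:12} -> {status} {reason}; {www_authenticate_header(status, reason)}")
```

Run stand-alone, the script shows the tampered token and a token with a forged signature both reported as `401 invalid signature`; the verifier has no way to tell them apart, which is the answer's point. Expired tokens also get 401 here rather than the 410 listed in the question, because 410 (Gone) describes a resource that no longer exists, not a credential that no longer verifies.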