
REST: Resource in wrong state -- Which HTTP status should I return?

Assume my server exposes resources which have a state (Not approved, Approved, Auto-approved). If a resource is in state Not approved it should not be accessible to clients, i.e. clients are allowed to know about the existence of the resource (they do anyway) but should be denied access until the resource is in the correct state.

The HTTP status code should express something along the lines: "Yes, the resource you are trying to access exists, but you will have to wait until it's approved by someone. Please try again later."

What HTTP status code should be returned in this case? Returning 404 (Not found) doesn't seem right, because the resource does in fact exist. Status code 412 (Precondition failed) sounds about right, but the RFC talks a lot about HTTP headers...

The 412 (Precondition Failed) status code indicates that one or more conditions given in the request header fields evaluated to false when tested on the server. This response code allows the client to place preconditions on the current resource state (its current representations and metadata) and, thus, prevent the request method from being applied if the target resource is in an unexpected state.

Good Night Nerd Pride asked May 23 '16 08:05


1 Answer

The conditions mentioned in the descriptions refer to HTTP headers like If-Match, If-Modified-Since, If-None-Match, If-Range or If-Unmodified-Since so the use of 412 would not be appropriate in your case.

I think it's up to your interpretation if Not approved resources are simply unavailable (404), restricted to certain users (403) or locked (423).

I'd say in your case 423 (Locked) (until approval) would be the correct response.

Manfred Radlwimmer answered Jan 02 '23 18:01
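The distinction drawn in the answer, as an added example that is not part of the original question or answer: 412 is returned only when a precondition header the client sent (here If-Match) fails, while the server-side approval state yields 423. The `Resource` class, `handle_get`, `if_match_ok`, the ETag values and the sample store are all assumptions constructed for illustration, and header lookup is simplified to an exact-case dictionary key.

```python
# Added illustration: names, states and sample data are constructed, not from the post.
from dataclasses import dataclass

VISIBLE_STATES = {"Approved", "Auto-approved"}

@dataclass
class Resource:
    body: str
    state: str   # "Not approved", "Approved" or "Auto-approved"
    etag: str    # opaque validator for the current representation

def if_match_ok(header_value, etag):
    """Evaluate an If-Match header: '*' or a comma-separated list of entity tags."""
    if header_value.strip() == "*":
        return True
    candidates = [t.strip() for t in header_value.split(",")]
    # If-Match uses strong comparison, so weak validators (W/"...") never match.
    return any(t == etag and not t.startswith("W/") for t in candidates)

def handle_get(store, resource_id, headers):
    """Return (status, body) for a GET on a resource in the approval workflow."""
    resource = store.get(resource_id)
    if resource is None:
        return 404, "Not Found"
    # Check the workflow state first, so an unapproved resource never reveals
    # its body or whether the client's ETag guess matched.
    if resource.state not in VISIBLE_STATES:
        return 423, "Locked: awaiting approval"
    # 412 is reserved for a precondition the client itself placed on the request.
    if_match = headers.get("If-Match")
    if if_match is not None and not if_match_ok(if_match, resource.etag):
        return 412, "Precondition Failed"
    return 200, resource.body

# Constructed sample store.
STORE = {
    "doc-1": Resource("approved text", "Approved", '"v1"'),
    "doc-2": Resource("draft text", "Not approved", '"v9"'),
    "doc-3": Resource("auto text", "Auto-approved", '"v3"'),
}

if __name__ == "__main__":
    for rid, hdrs in [("doc-1", {}), ("doc-2", {}), ("doc-1", {"If-Match": '"old"'})]:
        print(rid, hdrs, handle_get(STORE, rid, hdrs))
```

Returning 423 confirms that the resource exists, which matches the question's premise that clients already know about it.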