
REST - When to use 400 ("Bad Request")

I have a resource like this: sales/customers/{customerno}. If a client sends a PUT request to this resource, I would return 400 - Bad Request if the XML in the entity body is not valid XML. But what if the XML is valid, but the content of the XML is not valid? Say, for instance, that the client is trying to update the customer's PostCode and is providing a PostCode which is not valid. Is it correct to return 400 - Bad Request in this case, or is there another HTTP code I should have used?

rgullhaug asked Jun 01 '12 08:06



2 Answers

From Wikipedia's List of HTTP Status Codes:

400 Bad Request: The request cannot be fulfilled due to bad syntax.

In this case, your client sent you an XML payload that had an invalid zip code, which is a form of invalid syntax; therefore, sending a 400 Bad Request is an appropriate error code to return in this situation.

In addition, Wikipedia cites RFC-4918 as a resource on this topic. From this document, you'll find the following information:

Servers MAY reject questionable requests (even though they consist of well-formed XML), for instance, with a 400 (Bad Request) status code and an optional response body explaining the problem.

Since your request is well-formed (the XML isn't bad, it just contains semantically incorrect information) you may reject the content with status code 400. The word *may* suggests that there are other options.

While you might be tempted to use status code 422, this would not be correct in this situation, since the invalid zip code does not meet the criteria to be a semantic error. Read below...

From Wikipedia:

422 Unprocessable Entity (WebDAV; RFC 4918): The request was well-formed but was unable to be followed due to semantic errors.

In addition, here are some definitions to assist in the interpretation of status code 422:

  • Syntax errors occur during the parsing of input code, and are caused by grammatically incorrect statements. Typical errors might be an illegal character in the input, a missing operator, two operators in a row, two statements on the same line with no intervening semicolon, unbalanced parentheses, a misplaced reserved word, etc.

  • Semantic errors occur during the execution of the code, after it has been parsed as grammatically correct. These have to do not with how statements are constructed, but with what they mean. Such things as incorrect variable types or sizes, nonexistent variables, subscripts out of range, and the like, are semantic errors.

Your invalid zip code is neither a syntax error nor a semantic error; thus, it's reasonable to rule out status code 422 as an option.

To answer your question, status code 400 is appropriate; however, you may have other options as well.

jmort253 answered Sep 28 '22 23:09


The revised version of the HTTP spec found here has updated the wording to try and avoid this confusion about 400 being limited to just malformed requests.

7.4.1. 400 Bad Request

The server cannot or will not process the request, due to a client error (e.g., malformed syntax).

Darrel Miller answered Sep 28 '22 22:09
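
The two cases from the question, handled the way both answers suggest (400 in each case, with a response body explaining the problem). This is an added example, not code from either answer; the function names, the `<customer>` root element, the error body layout and the four-digit PostCode rule are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Assumed rule for this example only: a valid PostCode is exactly four digits.
POSTCODE_RE = re.compile(r"\d{4}")


def error(status, code, detail):
    """Build an XML error body; detail is escaped before it is embedded."""
    body = f"<error><code>{code}</code><detail>{escape(detail)}</detail></error>"
    return status, body


def handle_put_customer(raw_body):
    """Return (status, body) for a PUT to sales/customers/{customerno}."""
    try:
        root = ET.fromstring(raw_body)
    except ET.ParseError as exc:
        # Case 1 from the question: the entity body is not valid XML.
        return error(400, "malformed-xml", f"XML parse error: {exc}")

    if root.tag != "customer":
        return error(400, "unexpected-root", "expected a <customer> element")

    postcode = (root.findtext("PostCode") or "").strip()
    if not POSTCODE_RE.fullmatch(postcode):
        # Case 2: well-formed XML, invalid content. Still 400, with a body
        # that states the rule instead of echoing the submitted value.
        return error(400, "invalid-postcode", "PostCode must be four digits")

    return 204, ""  # update accepted; persistence is out of scope here


if __name__ == "__main__":
    # Constructed sample bodies: unclosed root, bad PostCode, valid update.
    samples = [
        b"<customer><PostCode>0150</PostCode>",
        b"<customer><PostCode>ABC</PostCode></customer>",
        b"<customer><PostCode>0150</PostCode></customer>",
    ]
    for sample in samples:
        print(handle_put_customer(sample))
```

The distinct `<code>` values let a client tell the two 400 cases apart without the server needing a second status code.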