Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Returning http 200 OK with error within response body

I'm wondering if it is correct to return HTTP 200 OK when an error occurred on the server side (the error details would be contained inside the response body).

Example:

  1. We're sending HTTP GET
  2. Something unexpected happened on the server side.
  3. Server returns HTTP 200 OK status code with error inside a response (e.g. {"status":"some error occurred"})

Is this the correct behavior or not? Should we change the status code to something else than 200?

like image 475
krzakov Avatar asked Jan 13 '15 11:01

krzakov


2 Answers

No, it's very incorrect to send 200 with a error body

HTTP is an application protocol. 200 implies that the response contains a payload that represents the status of the requested resource. An error message usually is not a representation of that resource.

If something goes wrong while processing GET, the right status code is 4xx ("you messed up") or 5xx ("I messed up").

like image 50
Julian Reschke Avatar answered Sep 20 '22 13:09

Julian Reschke


HTTP status codes say something about the HTTP protocol. HTTP 200 means transmission is OK on the HTTP level (i.e request was technically OK and server was able to respond properly). See this wiki page for a list of all codes and their meaning.

HTTP 200 has nothing to do with success or failure of your "business code". In your example the HTTP 200 is an acceptable status to indicate that your "business code error message" was successfully transferred, provided that no technical issues prevented the business logic to run properly.

Alternatively you could let your server respond with HTTP 5xx if technical or unrecoverable problems happened on the server. Or HTTP 4xx if the incoming request had issues (e.g. wrong parameters, unexpected HTTP method...) Again, these all indicate technical errors, whereas HTTP 200 indicates NO technical errors, but makes no guarantee about business logic errors.

To summarize: YES it is valid to send error messages (for non-technical issues) in your http response together with HTTP status 200. Whether this applies to your case is up to you. If for instance the client is asking for a file that isn't there, that would be more like a 404. If there is a misconfiguration on the server that might be a 500. If client asks for a seat on a plane that is booked full, that would be 200 and your "implementation" will dictate how to recognise/handle this (e.g. JSON block with a { "booking": "failed" })

like image 36
geert3 Avatar answered Sep 20 '22 13:09

geert3