Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Should a ReST API silently ignore request to change nonexistent field?

Tags:

rest

http

api-design

Consider a ReST API which provides an interface to a database.

Should a the server respond with an HTTP 400 Bad Request on a PUT or PATCH request which attempts to specify a new value for a column which does not exist in the database? Should the server silently ignore the error? Should the server do something else which I have not mentioned here?

like image 765
argentpepper Avatar asked Dec 03 '12 22:12

argentpepper

2 Answers

Do not silently ignore the request
I'm not sure how you could anyway, besides the server closing the connection without sending a response.

400 is good, as is 409. You may also want to consider 403 Forbidden: The server understood your request but is refusing to fulfill it.

400 is typically for mal-formed requests.
403 is good for when the request was sufficiently well-formed that your server code was able to parse it and understand what the request was for. I think that most closely meets your requirement here.

However, a line in your question worries me:

attempts to specify a new value for a column which does not exist in the database

Requests should not be modifying values of columns in a database. They should be modifying the content of a resource. The two are not the same. It is easy to fall into the trap of thinking "oh, lets just expose this domain object as an HTTP resource" but that can cause scalability problems down the line. In general, you should have more resources in your URI space than model objects. This allows you to cache the fairly static parts of your model with a different policy than those much more dynamic parts.

For example, in an order processing system, the delivery address changes very infrequently, but the progress tracker might change every few minutes. Give the two data different URIs and different cache policies.

like image 54
Nicholas Shanks Avatar answered Oct 24 '22 03:10

Nicholas Shanks

Silently ignoring errors is a recipe for making your API difficult to work with. Unless you provide extremely good documentation (and sometimes even then) the developer that is working on a client for your API is unlikely to know that parts of their request may be ignored. Consequently they are likely to become confused as to why the resource does not reflect what they last PUT. Wasting peoples time like this is not likely to make your API popular.

like image 32
gilbertpilz Avatar answered Oct 24 '22 04:10

gilbertpilz
Sign in to Comment

Related questions

Load balancing and sessions
HTML5 Cache Manifest and Content types
Is there any way to 'simulate' right-click save-as command or force download of file in the browser with JavaScript?
Is there a valid domain name guaranteed to be unreachable?
Detecting aborted requests in a HttpServlet
Flash in Firefox does not send the HTTP REFERER value
Ubuntu PHP5/Apache2 - Displaying 500 error instead of error message
Import CSV data from web service into Excel
Should I include media type in my ETag?
What does the HTTP response status "200 Filtered" mean?
How to change request http method by using Charles proxy?
httpget request with auth
REST API design - querying mail data - which poison to choose? [closed]
Grails - SSL and Spring security core
900 MB http forced downloads rarely finish
RequireJS text! plugin and Load timeout
What is a safe way of knowing the referer/referrer in an HTTP request?
How to do HTTP 302 redirects with Noir Web framework
How to send secure token from RESTful service?
FFmpegPHP get thumbnail from external URL

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!