
What HTTP status code for unactivated account?

Which HTTP status code should I respond with after authenticating the user and then finding out that they have not activated their account after registration?

Johnathan Au asked Mar 25 '13 17:03



1 Answer

401 means that the user is unknown (not authenticated at all or authenticated incorrectly, e.g. the credentials are invalid).
403 means that the user is known but not authorized (i.e. doesn't have the proper role/group).

You could also interpret a registered but inactivated account as a user having a specific role like "INACTIVE" and/or lacking the proper role. 403 is more appropriate in your particular case.

BalusC answered Sep 21 '22 15:09
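The 401/403 split from the answer above, sketched as a login check; this is an added example, not code from the question or the answer. The user store, names and passwords are constructed, and the ordering (activation is checked only after the password verifies, so unauthenticated callers cannot learn which accounts exist or are inactive) is an assumption of this example.

```python
import hashlib
import hmac
import os
from http import HTTPStatus


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 from the standard library; iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_user(password: str, active: bool) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "active": active}


# Constructed sample accounts (hypothetical names and passwords).
USERS = {
    "alice": _make_user("correct horse", active=True),
    "bob": _make_user("battery staple", active=False),  # registered, never activated
}

# Dummy record so an unknown username costs the same hashing work as a known one.
_DUMMY = _make_user("dummy", active=False)


def login_status(username: str, password: str) -> HTTPStatus:
    user = USERS.get(username)
    record = user or _DUMMY
    password_ok = hmac.compare_digest(
        _hash(password, record["salt"]), record["hash"]
    )

    # 401: identity not established (unknown user or wrong password).
    # Both cases return the same status, so the response does not reveal
    # whether the account exists or whether it is inactive.
    if user is None or not password_ok:
        return HTTPStatus.UNAUTHORIZED

    # 403: the user is known and authenticated but lacks the "active" role.
    if not user["active"]:
        return HTTPStatus.FORBIDDEN

    return HTTPStatus.OK
```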