I have a REST method to update a user profile. Which status code should the system return if some of the parameters are not valid? Or, for example, to change a password, if the old password and the password in the DB are not equal. 400 Bad Request?
The 502 (Bad Gateway) status code indicates that the server, while acting as a gateway or proxy, received an invalid response from an inbound server it accessed while attempting to fulfill the request.
The HyperText Transfer Protocol (HTTP) 400 Bad Request response status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (for example, malformed request syntax, invalid request message framing, or deceptive request routing).
The HTTP 200 OK success status response code indicates that the request has succeeded. A 200 response is cacheable by default. The meaning of a success depends on the HTTP request method. GET: the resource has been fetched and is transmitted in the message body.
What Is a 201 Status Code? The request has been fulfilled and has resulted in one or more new resources being created. The primary resource created by the request is identified by either a Location header field in the response or, if no Location field is received, by the effective request URI.
What you describe can and should be handled using two different response codes, as described in the book RESTful Web Services by Richardson and Ruby:
400 Bad Request
This is commonly used when the client submits a representation along with a PUT or POST request, and the representation is in the right format, but it doesn’t make any sense. So it's totally okay to use it for missing or invalid parameters.
However, 400 is the generic client-side error code and you should definitely provide some further information to the client in the response body.
409 Conflict
Any request that can't be performed by the server because it would leave one or more resources in an inconsistent state. So I would use this response code when a user tries to change his password and the comparison with the old password fails as you described it.
You can also take a look at this discussion: "REST HTTP status codes for failed validation or invalid duplicate".
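The mapping proposed in the answer above, as an added example that is not part of the original answer or the cited book: invalid or missing parameters return 400 with per-field details in the body, and an old-password mismatch returns 409. The function names, field names, error keys and the 12-character minimum are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MIN_LEN = 12  # assumed password policy for this example


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 from the standard library; the iteration count is illustrative
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password: str) -> dict:
    # Constructed sample record standing in for the DB row
    salt = os.urandom(16)
    return {"salt": salt, "password_hash": hash_password(password, salt)}


def change_password(user: dict, payload: dict) -> tuple[int, dict]:
    """Return (status_code, response_body) for a password-change request."""
    errors = []
    for field in ("old_password", "new_password"):
        value = payload.get(field)
        if not isinstance(value, str) or not value:
            errors.append({"field": field, "reason": "missing or not a string"})
    new = payload.get("new_password")
    if isinstance(new, str) and 0 < len(new) < MIN_LEN:
        errors.append({"field": "new_password",
                       "reason": f"shorter than {MIN_LEN} characters"})
    if errors:
        # 400: invalid parameters; the body names the fields, never their values
        return 400, {"error": "invalid_parameters", "details": errors}

    supplied = hash_password(payload["old_password"], user["salt"])
    # Constant-time comparison avoids leaking how many bytes matched
    if not hmac.compare_digest(supplied, user["password_hash"]):
        # 409: the status the answer suggests for an old-password mismatch
        return 409, {"error": "old_password_mismatch"}

    user["salt"] = os.urandom(16)
    user["password_hash"] = hash_password(payload["new_password"], user["salt"])
    return 200, {"status": "password_updated"}
```
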