Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the appropriate REST response code for invalid data?

Tags:

rest

I have REST method to update a user profile. Which status code should the system return if the some of the parameters are not valid? Or, for example, to change password, if old password and password in DB are not equals. 400 Bad request?

like image 420
Pavel Varchenko Avatar asked Jun 24 '13 11:06

Pavel Varchenko


People also ask

What is invalid response code?

The 502 (Bad Gateway) status code indicates that the server, while acting as a gateway or proxy, received an invalid response from an inbound server it accessed while attempting to fulfill the request.

What does HTTP response code 400 refers to?

The HyperText Transfer Protocol (HTTP) 400 Bad Request response status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (for example, malformed request syntax, invalid request message framing, or deceptive request routing).

What is API response code 200?

The HTTP 200 OK success status response code indicates that the request has succeeded. A 200 response is cacheable by default. The meaning of a success depends on the HTTP request method: GET : The resource has been fetched and is transmitted in the message body.

What is a 201 status code?

What Is a 201 Status Code? The request has been fulfilled and has resulted in one or more new resources being created. The primary resource created by the request is identified by either a Location header field in the response or, if no Location field is received, by the effective request URI.


1 Answers

What you describe can and should be handled using two different response codes as described in the Book RESTful webservices from Richardson and Ruby:

400 Bad Request

This is commonly used when the client submits a representation along with a PUT or POST request, and the representation is in the right format, but it doesn’t make any sense. So it's totally okay to use it for missing or invalid parameters.

However 400 is the generic client side error code and you should definitely provide some further infos to the client in the response body.

409 Conflict

Any request that can't be performed by the server because it would leave one or more resources in an inconsistent state. So I would use this response code when a user tries to change his password and the comparison with the old password fails as you described it.

You can also take a look at this discussion REST HTTP status codes for failed validation or invalid duplicate.

like image 172
benjiman Avatar answered Sep 28 '22 12:09

benjiman