I read What HTTP status response code should I use if the request is missing a required parameter? but it did not specifically ask about headers and there didn't seem to be a consensus.
The context of this question assumes successful authentication. I'm currently favoring either a 400 (though that doesn't feel right because this isn't really a case of "malformed syntax") or 403. Given 403's description:
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity.
This makes the most sense to me.
Can someone please enlighten me? Thanks.
200 OK - This is the most appropriate code for most use-cases.
204 No Content - A proper code for updates that don't return data to the client, for example when just saving a currently edited document.
202 Accepted - If the update is done asynchronously, this code can be used.
The 200 status code is by far the most common returned. It means, simply, that the request was received and understood and is being processed. A 201 status code indicates that a request was successful and as a result, a resource has been created (for example a new page).
We tend to get -1 status codes when there are network issues or connection problems, so we display a network problems page to the user in those cases.
The HTTP 204 No Content success status response code indicates that a request has succeeded, but that the client doesn't need to navigate away from its current page.
400 Bad Request
It's a user error in the request. Unlike with a 403, the client should be allowed to repeat their request, but only after modification:
10.4.1 400 Bad Request The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.
Edit
As Mark Reed points out in the comments, a 403 says, "There is nothing wrong with what you sent me. You have proper authorization and the syntax was valid. I just don't want to do what you ask."
The part that you have in bold simply says, if the server so chooses, it can tell the client exactly why it doesn't want to fulfill the request.
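An added example (not from the question or either answer above) of how a handler would apply the distinction the answer draws: authenticated but refused is 403, while a missing required header is a client error the caller can fix by modifying the request, so it gets 400. The header names, roles and token values are constructed for illustration and are not from the page.

```python
"""
Added example: a small request validator that decides which status an update
handler should return. The order of checks matters: authenticate (401), then
authorize (403), then validate the request itself (400). The token table,
roles and required headers below are constructed placeholders, not real values.
"""
from dataclasses import dataclass

# Constructed stand-in for real authentication; maps bearer tokens to a role.
TOKENS = {"token-alice": "reader", "token-bob": "editor"}


@dataclass
class Response:
    status: int
    body: str


def handle_update(headers: dict, required: tuple = ("Content-Type", "If-Match")) -> Response:
    """Return the status and a short explanation for an update request.

    Header field names are case-insensitive in HTTP, so they are normalised
    before lookup; a client sending "content-type" must not be told the
    header is missing.
    """
    lower = {k.lower(): v for k, v in headers.items()}

    auth = lower.get("authorization", "")
    token = auth[len("Bearer "):].strip() if auth.startswith("Bearer ") else ""
    role = TOKENS.get(token)
    if role is None:
        # No or unknown credentials: the client may retry once it authenticates.
        return Response(401, "authentication required")

    if role != "editor":
        # Syntax is valid and the caller is authenticated, but the server refuses.
        # Repeating the request will not help, which is exactly the 403 case.
        return Response(403, "forbidden: editor role required")

    missing = [h for h in required if h.lower() not in lower]
    if missing:
        # A client error the caller can fix by modifying the request: 400, not 403.
        # The body names the missing headers so the client knows what to change.
        return Response(400, "missing required header(s): " + ", ".join(missing))

    return Response(200, "ok")


if __name__ == "__main__":
    # Constructed sample requests exercising each branch.
    print(handle_update({}))
    print(handle_update({"Authorization": "Bearer token-alice",
                         "Content-Type": "application/json", "If-Match": '"v1"'}))
    print(handle_update({"Authorization": "Bearer token-bob",
                         "content-type": "application/json"}))
    print(handle_update({"Authorization": "Bearer token-bob",
                         "Content-Type": "application/json", "If-Match": '"v1"'}))
```

The 403 branch deliberately comes before header validation: a caller who is not allowed to perform the update should be refused regardless of how well-formed the request is, and the refusal message can describe the reason, as the quoted 403 text permits.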