What is the proper HTTP response code for request without mandatory fields

Solution 1

400 is the correct response.

400 is not restricted to a malformed syntax from an HTTP point of view. Missing a mandatory argument is an error in the syntax defined by the application and thus a "Bad Request".

EDIT

At first it seems strange that there is no separate return code for this, but the return codes are designed to differentiate in what actions the client should take. A 400 error code means that the client should change the POST data or query string to the format defined by the application. Hence it is appropriate for this case.
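A handler that follows this reasoning for the question's post_id case, as an added example that is not part of the original answers. It assumes a form-encoded POST body and an in-memory store; `POSTS`, `delete_post`, `respond` and `call` are hypothetical names.

```python
import io
import json
from urllib.parse import parse_qs

POSTS = {"42": "hello"}   # constructed in-memory store (assumption)
REQUIRED = ("post_id",)   # mandatory fields for this endpoint
MAX_BODY = 4096           # constructed cap on how much of the body is read

def respond(start_response, status, payload):
    body = json.dumps(payload).encode()
    start_response(status, [("Content-Type", "application/json"),
                            ("Content-Length", str(len(body)))])
    return [body]

def delete_post(environ, start_response):
    """WSGI handler: POST with a form-encoded body carrying post_id."""
    try:
        size = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        size = 0
    raw = environ["wsgi.input"].read(min(size, MAX_BODY)).decode("utf-8", "replace")
    # keep_blank_values so "post_id=" is reported as missing, not silently dropped
    form = parse_qs(raw, keep_blank_values=True)
    missing = [f for f in REQUIRED if not form.get(f, [""])[0].strip()]
    if missing:
        # The client must change the request before retrying: 400,
        # with a body naming the fields the application requires.
        return respond(start_response, "400 Bad Request",
                       {"error": "missing mandatory field", "fields": missing})
    post_id = form["post_id"][0]
    if post_id not in POSTS:
        # Well-formed request that names nothing that exists: 404.
        return respond(start_response, "404 Not Found", {"error": "no such post"})
    del POSTS[post_id]
    return respond(start_response, "200 OK", {"deleted": post_id})

def call(body):
    """Drive the handler with a constructed request; return (status code, JSON)."""
    data = body.encode()
    environ = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": str(len(data)),
               "wsgi.input": io.BytesIO(data)}
    seen = {}
    def start_response(status, headers):
        seen["status"] = status
    chunks = delete_post(environ, start_response)
    return int(seen["status"].split()[0]), json.loads(b"".join(chunks))
```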

Solution 2

In a REST scenario, the resource to be deleted should be identified by the URL, so the ID of the resource should be a part of that URL in order to properly identify it. Once that assumption is correct, then the URL either is identifying a different resource for deletion, or it isn't (which would give a 404).

In the general case of a missing parameter, however, I often use a 403 Forbidden error. The reasoning is that the request was understood, but I'm not going to do as asked (because things are wrong). The response entity explains what is wrong, so if the response is an HTML page, the error messages are in the page. If it's a JSON or XML response, the error information is in there.

From rfc2616:

10.4.4 403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

Author: Almad

Learner, Developer, and tech exec.

Updated on February 24, 2020

Comments

  • Almad about 4 years

    Consider a simple case where a user is deleting a post. This is a simple HTTP DELETE/POST request with one mandatory field, post_id.

    What should the server do if post_id is not provided?

    Apparently, the user should never encounter this behaviour, so let's be puristic.

    My first take would be 400 Bad Request, but the spec says

    The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.
    

    and I'd say a missing field is OK from a syntax/HTTP POV; it's an application domain-specific semantic requirement.

    200 OK with explanations is bad, 500 feels weird as this is a request problem.

    Thoughts?

  • Will Curran about 13 years
    Here is a list of RESTful Response Codes as well as some other information on best practices for REST: goo.gl/Nf9gt