What REST PUT/POST/DELETE calls should return by a convention?
Solution 1
Forgive the flippancy, but if you are doing REST over HTTP then RFC7231 describes exactly what behaviour is expected from GET, PUT, POST and DELETE.
Update (Jul 3 '14):
The HTTP spec intentionally does not define what is returned from POST or DELETE. The spec only defines what needs to be defined. The rest is left up to the implementer to choose.
Solution 2
Overall, the conventions are “think like you're just delivering web pages”.
For a PUT, I'd return the same view that you'd get if you did a GET immediately after; that would result in a 200 (well, assuming the rendering succeeds of course). For a POST, I'd do a redirect to the resource created (assuming you're doing a creation operation; if not, just return the results); the code for a successful create is a 201, which is really the only HTTP code for a redirect that isn't in the 300 range.
I've never been happy about what a DELETE should return (my code currently produces an HTTP 204 and an empty body in this case).
Solution 3
Creating a resource is generally mapped to POST, and that should return the location of the new resource; for example, in a Rails scaffold a CREATE will redirect to the SHOW for the newly created resource. The same approach might make sense for updating (PUT), but that's less of a convention; an update need only indicate success. A delete probably only needs to indicate success as well; if you wanted to redirect, returning the LIST of resources probably makes the most sense.
Success can be indicated by HTTP_OK, yes.
The only hard-and-fast rule in what I've said above is that a CREATE should return the location of the new resource. That seems like a no-brainer to me; it makes perfect sense that the client will need to be able to access the new item.
Solution 4
By the RFC7231 it does not matter and may be empty
How we implement json api standard based solution in the project:
post/put: outputs object attributes as in get (field filter/relations applies the same)
delete: data only contains null (for its a representation of missing object)
status for standard delete: 200
Solution 5
I like Alfonso Tienda responce from HTTP status code for update and delete?
Here are some Tips:
DELETE
200 (if you want send some additional data in the Response) or 204 (recommended).
202 Operation deleted has not been committed yet.
If there's nothing to delete, use 204 or 404 (DELETE operation is idempotent, delete an already deleted item is operation successful, so you can return 204, but it's true that idempotent doesn't necessarily imply the same response)
Other errors:
- 400 Bad Request (Malformed syntax or a bad query is strange but possible).
- 401 Unauthorized Authentication failure
- 403 Forbidden: Authorization failure or invalid Application ID.
- 405 Not Allowed. Sure.
- 409 Resource Conflict can be possible in complex systems.
- And 501, 502 in case of errors.
PUT
If you're updating an element of a collection
- 200/204 with the same reasons as DELETE above.
- 202 if the operation has not been commited yet.
The referenced element doesn't exists:
PUT can be 201 (if you created the element because that is your behaviour)
404 If you don't want to create elements via PUT.
400 Bad Request (Malformed syntax or a bad query more common than in case of DELETE).
401 Unauthorized
403 Forbidden: Authentication failure or invalid Application ID.
405 Not Allowed. Sure.
409 Resource Conflict can be possible in complex systems, as in DELETE.
422 Unprocessable entity It helps to distinguish between a "Bad request" (e.g. malformed XML/JSON) and invalid field values
And 501, 502 in case of errors.
Related videos on Youtube
tuxSlayer
Work: engineering management, hacking, code/architecture design Leasure: sci-fi movies, metal, traveling Life: Karma Kagyu
Updated on June 11, 2020Comments
-
tuxSlayer almost 4 years
According to the "REST ideology" what should be in the response body for a PUT/POST/DELETE requests?
What about return codes? Is
HTTP_OK
enough?What is the reason for such conventions, if any?
I've found a good post describing POST/PUT differences: POST vs PUT But it still doesn't answer my question.
-
tuxSlayer over 13 yearsYeah, I've missed this fact. Thank you! This looks much more logical than to "invent" some new meaning for each http "method" and surely more logical than mapping to SQL operations.
-
Darrel Miller over 13 years@tuxslayer I'm glad you didn't think I was just trying to be snarky. Many people seem to think REST adds addition requirements on top of the HTTP methods. However, that is not the case. There are additional constraints but they do not really impact the behaviour of the HTTP methods. RFC2616 is definitely the guide to follow.
-
Perry Tew over 11 yearsI appreciate the link. :) It made me stop and think about the tool I'm using. After reading your post, and the RFC, I found myself referring to the RFC the rest of the night. It's helped me think of the process as an HTTP process first, and a rest process second. Much appreciated.
-
Darrel Miller over 11 years@PerryTew Now you can go here tools.ietf.org/wg/httpbis and see the currently being revised version of the HTTP spec. Enjoy!
-
Stevie over 11 yearsYou've actually mixed up PUT and POST. POST is used for creating, PUT is used for updating (and creating). It's also worthwhile to note that PUT should be idempotent whereas POST is not.
-
Cam Jackson almost 10 yearsMaybe I just need more sleep, but I can't seem to find the exact information that the OP asked for within the RFC. What should the body be for a POST or DELETE response?
-
Darrel Miller almost 10 years@CamJackson That's partly because the HTTP spec intentionally does not define what is returned from POST or DELETE. The spec only defines what needs to be defined. The rest is left up to the implementer to choose. The new spec has a bit more discussion though tools.ietf.org/html/rfc7231
-
Doug Molineux over 9 yearsWell, that's about as clear as mud. Perhaps some more information in the answer would be helpful. Especially, when that link is dead.
-
Darrel Miller over 9 years@DougMolineux Hmm, the link works for me, but anyway. Fortunately, several of the world's experts on HTTP spent the last 5 years re-writing big chunks of the HTTP spec to make it clearer. Here are the updated HTTP method definitions tools.ietf.org/html/rfc7231#section-4.3
-
Darrel Miller over 9 years@kevin Done. Thanks for the poke.
-
lobati almost 9 yearsHaving the
PUT
request return the next page seems like a bad practice, since refreshing on the resulting page will cause the request to execute again. Instead, to me, it makes sense to do a redirect, assuming you're dealing with synchronous requests. -
Iain over 8 years@lobati I think it's important to note that sending multiple identical PUT requests, should have precisely the same result as sending only one of the same PUT requests. Perhaps the issue you raise is now less important given the above?
-
lobati over 8 years@Iain not really. The problem is, if something else updates the record later, you wouldn't want to have it send another
PUT
request causing the data to be reverted. For example, if two people are referencing the same page, one makes an update, then the other makes an update, if the first person refreshes to see the result, it would end up actually causing things to be reverted to before the second person made their changes. -
Jacob Mattison over 5 yearsAn idempotent command should work properly however many times you run it. So you should be able to do the same PUT multiple times to apply the same "update" without any negative side effects.
-
Ganesh Jadhav almost 5 years@DarrelMiller Your Jul 3 '14 12:50 comment should be the answer. I've added it to the answer.
-
Luke Puplett almost 5 years"Think like website" is perfect, thus a delete may respond with some likely next actions, which depends on the "story" around why you'd be deleting a resource. This could at least be a link to take the agent back to some logical starting place of actions, or even a redirect to a status resource that shows the impact of the delete (order total) and contains further links.