What REST PUT/POST/DELETE calls should return by a convention?

rest http post http-delete
129,717

Solution 1

Forgive the flippancy, but if you are doing REST over HTTP then RFC7231 describes exactly what behaviour is expected from GET, PUT, POST and DELETE.

Update (Jul 3 '14):
The HTTP spec intentionally does not define what is returned from POST or DELETE. The spec only defines what needs to be defined. The rest is left up to the implementer to choose.

Solution 2

Overall, the conventions are “think like you're just delivering web pages”.

For a PUT, I'd return the same view that you'd get if you did a GET immediately after; that would result in a 200 (well, assuming the rendering succeeds of course). For a POST, I'd do a redirect to the resource created (assuming you're doing a creation operation; if not, just return the results); the code for a successful create is a 201, which is really the only HTTP code for a redirect that isn't in the 300 range.

I've never been happy about what a DELETE should return (my code currently produces an HTTP 204 and an empty body in this case).

Solution 3

Creating a resource is generally mapped to POST, and that should return the location of the new resource; for example, in a Rails scaffold a CREATE will redirect to the SHOW for the newly created resource. The same approach might make sense for updating (PUT), but that's less of a convention; an update need only indicate success. A delete probably only needs to indicate success as well; if you wanted to redirect, returning the LIST of resources probably makes the most sense.

Success can be indicated by HTTP_OK, yes.

The only hard-and-fast rule in what I've said above is that a CREATE should return the location of the new resource. That seems like a no-brainer to me; it makes perfect sense that the client will need to be able to access the new item.

Solution 4

By the RFC7231 it does not matter and may be empty

How we implement json api standard based solution in the project:

post/put: outputs object attributes as in get (field filter/relations applies the same)

delete: data only contains null (for its a representation of missing object)

status for standard delete: 200

Solution 5

I like Alfonso Tienda responce from HTTP status code for update and delete?

Here are some Tips:

DELETE

  • 200 (if you want send some additional data in the Response) or 204 (recommended).

  • 202 Operation deleted has not been committed yet.

  • If there's nothing to delete, use 204 or 404 (DELETE operation is idempotent, delete an already deleted item is operation successful, so you can return 204, but it's true that idempotent doesn't necessarily imply the same response)

Other errors:

  • 400 Bad Request (Malformed syntax or a bad query is strange but possible).
  • 401 Unauthorized Authentication failure
  • 403 Forbidden: Authorization failure or invalid Application ID.
  • 405 Not Allowed. Sure.
  • 409 Resource Conflict can be possible in complex systems.
  • And 501, 502 in case of errors.

PUT

If you're updating an element of a collection

  • 200/204 with the same reasons as DELETE above.
  • 202 if the operation has not been commited yet.

The referenced element doesn't exists:

  • PUT can be 201 (if you created the element because that is your behaviour)

  • 404 If you don't want to create elements via PUT.

  • 400 Bad Request (Malformed syntax or a bad query more common than in case of DELETE).

  • 401 Unauthorized

  • 403 Forbidden: Authentication failure or invalid Application ID.

  • 405 Not Allowed. Sure.

  • 409 Resource Conflict can be possible in complex systems, as in DELETE.

  • 422 Unprocessable entity It helps to distinguish between a "Bad request" (e.g. malformed XML/JSON) and invalid field values

  • And 501, 502 in case of errors.

Share:
129,717

Related videos on Youtube

tuxSlayer
Author by

tuxSlayer

Work: engineering management, hacking, code/architecture design Leasure: sci-fi movies, metal, traveling Life: Karma Kagyu

Updated on June 11, 2020

Comments

  • tuxSlayer
    tuxSlayer almost 4 years

    1. According to the "REST ideology" what should be in the response body for a PUT/POST/DELETE requests?

    2. What about return codes? Is HTTP_OK enough?

    3. What is the reason for such conventions, if any?

    I've found a good post describing POST/PUT differences: POST vs PUT But it still doesn't answer my question.

  • tuxSlayer
    tuxSlayer over 13 years
    Yeah, I've missed this fact. Thank you! This looks much more logical than to "invent" some new meaning for each http "method" and surely more logical than mapping to SQL operations.
  • Darrel Miller
    Darrel Miller over 13 years
    @tuxslayer I'm glad you didn't think I was just trying to be snarky. Many people seem to think REST adds addition requirements on top of the HTTP methods. However, that is not the case. There are additional constraints but they do not really impact the behaviour of the HTTP methods. RFC2616 is definitely the guide to follow.
  • Perry Tew
    Perry Tew over 11 years
    I appreciate the link. :) It made me stop and think about the tool I'm using. After reading your post, and the RFC, I found myself referring to the RFC the rest of the night. It's helped me think of the process as an HTTP process first, and a rest process second. Much appreciated.
  • Darrel Miller
    Darrel Miller over 11 years
    @PerryTew Now you can go here tools.ietf.org/wg/httpbis and see the currently being revised version of the HTTP spec. Enjoy!
  • Stevie
    Stevie over 11 years
    You've actually mixed up PUT and POST. POST is used for creating, PUT is used for updating (and creating). It's also worthwhile to note that PUT should be idempotent whereas POST is not.
  • Cam Jackson
    Cam Jackson almost 10 years
    Maybe I just need more sleep, but I can't seem to find the exact information that the OP asked for within the RFC. What should the body be for a POST or DELETE response?
  • Darrel Miller
    Darrel Miller almost 10 years
    @CamJackson That's partly because the HTTP spec intentionally does not define what is returned from POST or DELETE. The spec only defines what needs to be defined. The rest is left up to the implementer to choose. The new spec has a bit more discussion though tools.ietf.org/html/rfc7231
  • Doug Molineux
    Doug Molineux over 9 years
    Well, that's about as clear as mud. Perhaps some more information in the answer would be helpful. Especially, when that link is dead.
  • Darrel Miller
    Darrel Miller over 9 years
    @DougMolineux Hmm, the link works for me, but anyway. Fortunately, several of the world's experts on HTTP spent the last 5 years re-writing big chunks of the HTTP spec to make it clearer. Here are the updated HTTP method definitions tools.ietf.org/html/rfc7231#section-4.3
  • Darrel Miller
    Darrel Miller over 9 years
    @kevin Done. Thanks for the poke.
  • lobati
    lobati almost 9 years
    Having the PUT request return the next page seems like a bad practice, since refreshing on the resulting page will cause the request to execute again. Instead, to me, it makes sense to do a redirect, assuming you're dealing with synchronous requests.
  • Iain
    Iain over 8 years
    @lobati I think it's important to note that sending multiple identical PUT requests, should have precisely the same result as sending only one of the same PUT requests. Perhaps the issue you raise is now less important given the above?
  • lobati
    lobati over 8 years
    @Iain not really. The problem is, if something else updates the record later, you wouldn't want to have it send another PUT request causing the data to be reverted. For example, if two people are referencing the same page, one makes an update, then the other makes an update, if the first person refreshes to see the result, it would end up actually causing things to be reverted to before the second person made their changes.
  • Jacob Mattison
    Jacob Mattison over 5 years
    An idempotent command should work properly however many times you run it. So you should be able to do the same PUT multiple times to apply the same "update" without any negative side effects.
  • Ganesh Jadhav
    Ganesh Jadhav almost 5 years
    @DarrelMiller Your Jul 3 '14 12:50 comment should be the answer. I've added it to the answer.
  • Luke Puplett
    Luke Puplett almost 5 years
    "Think like website" is perfect, thus a delete may respond with some likely next actions, which depends on the "story" around why you'd be deleting a resource. This could at least be a link to take the agent back to some logical starting place of actions, or even a redirect to a status resource that shows the impact of the delete (order total) and contains further links.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Best way to support "application/x-www-form-urlencoded" post data with WCF?
how to send POST HTTP request from Google Chrome without any extensions?
How to make http/https POST requests manually?
Pass array of data from Angular $http POST
Are PUT and POST requests required/expected to have a request body?
Web API 2 POST request simulation in POSTMAN Rest Client
Which REST operation (GET, PUT, or POST) for validating information?
Is a response-body allowed for a HTTP-DELETE-request?
What's the difference between "Request Payload" vs "Form Data" as seen in Chrome dev tools Network tab
What is the difference between POST and PUT in HTTP?