5

I need to return information about errors like: customer can't have more than 3 contacts, field Job is empty, limit of operations was exceeded.

Do I need to send each error with its own status code?
Can I use 400 BadRequest for all those errors?

Opal
rnofenko

4 Answers

7

Can I use 400 BadRequest for all those errors?

Most certainly.

This used to be a bit questionable, because RFC 2616 defined 400 Bad Request as:

The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.

However, there often wasn't a more applicable status, so it was often used as the best fit.

This has changed with RFC 7231 obsoleting RFC 2616 and giving a broader definition to 400:

The 400 (Bad Request) status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

Because "something that is perceived to be a client error" covers a multitude of sins, it's now more explicitly applicable.

Of course, if another 4xx code does match better (e.g. 404 for a request that relates to something that doesn't exist [an ID in the message doesn't find a match]), then it is the better option.

Jon Hanna
1

Can I use BadRequest (400) for all those errors?

Yes, that's definitely the correct status code for this kind of validation error.

Darin Dimitrov
  • 400 works in general; if you want to make it more specific you may want to consider 422 (see http://greenbytes.de/tech/webdav/rfc4918.html#STATUS_422) – Julian Reschke Jan 10 '16 at 08:50
  • I wonder how you can use `400 Bad Request` when it comes to `limit of operations was exceeded`... – Opal Jan 10 '16 at 15:42
0

Can I use BadRequest (400) for all those errors?

The 400 Bad Request status code is used to indicate errors that are related to the syntax of the request. E.g. there's a field of type String and an Integer was passed. Or there's a field of type String that accepts a set of predefined values (enum) but another string was passed. There's a field missing. Field can't be null.

So if a field is missing or it's empty, this is definitely a 400 Bad Request error.

However when it comes to customer can't have more than 3 contacts it's not that clear. If you have restricted the body to accept values from range 0-3 this is 400 Bad Request, BUT if the field accepts any integer and it turns out that it's not from range 0-3 later on (during entity processing) it will be 409 Conflict (better idea) or 403 Forbidden (worse idea).

limit of operations was exceeded definitely does not sound like a 400 Bad Request error. It may be 403 Forbidden or 429 Too Many Requests.

It seems that you can't use just 400 Bad Request to handle all the errors.

What's important is to always explain in the body message what the problem really is.

BTW: 403 Forbidden is used to indicate a forbidden operation not necessarily related to authentication or authorization.

Opal
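Added example, not part of any answer on this page: a framework-free sketch of the mapping the answer above argues for, where an empty Job field gives 400, the three-contact rule gives 409, and the operation limit gives 429 with a Retry-After header, each with a body that names the problem. The `Service` class, the `Name` field, and the limit of 5 operations per 60 seconds are assumptions made for illustration.

```python
import math
import time

MAX_CONTACTS = 3                  # business rule from the question
OPS_LIMIT, OPS_WINDOW = 5, 60.0   # assumed: 5 operations per 60 s per customer

class Service:
    """In-memory stand-in for real storage and rate limiting (hypothetical)."""
    def __init__(self, clock=time.monotonic):
        self.contacts = {}   # customer_id -> list of contact dicts
        self.ops = {}        # customer_id -> timestamps of accepted operations
        self.clock = clock

    def add_contact(self, customer_id, payload):
        """Return (status, headers, body) for an 'add contact' request."""
        now = self.clock()
        # 429: the operation limit applies regardless of what the body contains.
        recent = [t for t in self.ops.get(customer_id, []) if now - t < OPS_WINDOW]
        if len(recent) >= OPS_LIMIT:
            self.ops[customer_id] = recent
            retry = math.ceil(OPS_WINDOW - (now - recent[0]))
            return (429, {"Retry-After": str(retry)},
                    {"error": "limit of operations was exceeded"})
        self.ops[customer_id] = recent + [now]

        # 400: the request itself is malformed (missing, empty or mistyped field).
        errors = {}
        if not isinstance(payload, dict):
            errors["body"] = "must be a JSON object"
        else:
            for field in ("Name", "Job"):   # "Name" is an assumed second field
                value = payload.get(field)
                if not isinstance(value, str):
                    errors[field] = "is required and must be a string"
                elif not value.strip():
                    errors[field] = "is empty"
        if errors:
            return 400, {}, {"error": "validation failed", "fields": errors}

        # 409: well-formed request that conflicts with the customer's current state.
        existing = self.contacts.setdefault(customer_id, [])
        if len(existing) >= MAX_CONTACTS:
            return 409, {}, {"error": "customer can't have more than 3 contacts"}
        existing.append({"Name": payload["Name"], "Job": payload["Job"]})
        return 201, {}, {"contacts": len(existing)}
```
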
-3

No, apparently you shouldn't; you should search in your browser for the "List of HTTP status codes".

One link available is https://en.wikipedia.org/wiki/List_of_HTTP_status_codes.

Marco