0

I am building an API and I am returning these kinds of status codes for each method (e.g., "register_user"):

  • 200 (OK) when the user has been registered successfully
  • 403 (forbidden) when there are missing parameters in the request
  • 409 (conflict) when a user was already registered

In addition to the status code, I return a "message" field explaining what happened. Do you consider returning these codes in this example a good practice? Or should I return 200 in all of them but an error in the "message" field?

  • 2
    Since the situation is not OK, you shouldn't return 200 – Sami Kuhmonen Nov 20 '16 at 20:34
  • 2
    Take a look at this resource http://www.restapitutorial.com/httpstatuscodes.html. You should look at 400 - Bad Request for when there are missing parameters. – Nkosi Nov 20 '16 at 20:35

1 Answer

0

The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any).

-- RFC 7231, 6.5.3

That doesn't sound like what you've got at all. The other two are reasonable. Missing parameters are typically handled with a 400 response code.

Eric Stein
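The status-code mapping discussed above, as an added example that is not part of the original question or answer: a framework-independent handler that returns 400 for a malformed body or missing parameters, 409 for an already-registered user, and 200 on success, each with a "message" field. The parameter names `username` and `email` and the in-memory `users` store are assumptions made for illustration.

```python
import json
from http import HTTPStatus

# Hypothetical parameter names; the question does not list the real ones.
REQUIRED_FIELDS = ("username", "email")


def register_user(raw_body: bytes, users: dict) -> tuple[int, dict]:
    """Return (HTTP status code, JSON-serialisable body) for one request."""
    try:
        params = json.loads(raw_body)
    except ValueError:  # covers invalid JSON and invalid UTF-8
        return HTTPStatus.BAD_REQUEST, {"message": "request body is not valid JSON"}
    if not isinstance(params, dict):
        return HTTPStatus.BAD_REQUEST, {"message": "request body must be a JSON object"}

    # Absent, non-string and blank values all count as missing: 400, not 403.
    missing = [
        field for field in REQUIRED_FIELDS
        if not isinstance(params.get(field), str) or not params[field].strip()
    ]
    if missing:
        return HTTPStatus.BAD_REQUEST, {
            "message": "missing parameters: " + ", ".join(missing)
        }

    username = params["username"].strip()
    if username in users:
        # The request is well-formed but clashes with existing state: 409.
        return HTTPStatus.CONFLICT, {"message": "user already registered"}

    users[username] = {"email": params["email"].strip()}
    return HTTPStatus.OK, {"message": "user registered"}
```
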