
I'm pretty familiar with REST APIs, but today I was asked this: "what if a resource exists but its content has been blocked for some reason?"

Example: try to retrieve users/18, but the user with id 18 has been banned/blocked/whatever.

I think the best answer would be to return 204, but how to also inform the client of the reason the resource is not available to you?

Is there a best practice for that?

jack_the_beast

1 Answer

> I think the best answer would be to return 204, but how to also inform the client of the reason the resource is not available to you?

No, 204 isn't a good choice -- in particular because 204 cannot contain a message body.

I would expect either

403 Forbidden

> The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any).

404 Not Found

> An origin server that wishes to "hide" the current existence of a forbidden target resource MAY instead respond with a status code of 404 (Not Found).

451 Unavailable For Legal Reasons

> This status code indicates that the server is denying access to the resource as a consequence of a legal demand.

VoiceOfUnreason
  • Thanks for your comment. Can you think of a situation that doesn't fall into any of the error codes? What to do in such a case? Should we try to fit all the cases into code errors, or would it make sense to act differently sometimes? – jack_the_beast Sep 19 '19 at 21:03
  • You could certainly make a case for `200 OK` -- the blocked message _is_ the current representation of the resource. You might also be able to argue for `303 See Other`. – VoiceOfUnreason Sep 20 '19 at 00:55
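
The three status codes from the answer above, as an added example that is not part of the original thread: a framework-free handler for `GET /users/<id>` that returns 403 with a reason, 451 with a `blocked-by` link, or a 404 that is identical to a genuine miss so the response cannot be used to enumerate blocked accounts. The `USERS` data, the `kind` values, the `api.example` URL and the choice of `application/problem+json` bodies are assumptions made for the illustration.

```python
import json

# Constructed sample data (assumed schema): 18 is banned, 19 is under a legal
# demand, 20 is blocked and its existence must not be disclosed.
USERS = {
    17: {"name": "alice", "block": None},
    18: {"name": "bob", "block": {"kind": "banned",
                                  "detail": "Account suspended by moderators."}},
    19: {"name": "carol", "block": {"kind": "legal",
                                    "blocked_by": "https://api.example/legal"}},
    20: {"name": "dave", "block": {"kind": "hidden"}},
}

def _problem(status, title, detail=None, headers=None):
    """Build (status, headers, body) with a problem+json payload."""
    body = {"status": status, "title": title}
    if detail:
        body["detail"] = detail
    hdrs = {"Content-Type": "application/problem+json"}
    hdrs.update(headers or {})
    return status, hdrs, json.dumps(body, sort_keys=True)

def get_user(user_id):
    """Return (status, headers, body) for GET /users/<user_id>."""
    not_found = _problem(404, "Not Found")
    user = USERS.get(user_id)
    if user is None:
        return not_found
    block = user["block"]
    if block is None:
        payload = json.dumps({"id": user_id, "name": user["name"]})
        return 200, {"Content-Type": "application/json"}, payload
    if block["kind"] == "legal":
        # RFC 7725: a Link header with rel="blocked-by" names the entity
        # implementing the block.
        link = '<%s>; rel="blocked-by"' % block["blocked_by"]
        return _problem(451, "Unavailable For Legal Reasons",
                        headers={"Link": link})
    if block["kind"] == "hidden":
        # Hiding existence only works if this matches a real miss exactly.
        return not_found
    # The server chooses to disclose the reason: 403 with an explanation.
    return _problem(403, "Forbidden", block["detail"])
```
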