发表新帖
发表新帖

What is the appropriate HTTP status code response for a general unsuccessful request (not an error)?

后端 未结
关注
7 1974
予麋鹿
予麋鹿 2020-12-02 07:18

I\'m creating a RESTful API that will process a number of user interactions, including placing orders using stored credit cards.

In the case of a successful order, I

相关标签:
7条回答
  • 心在旅途
    2020-12-02 07:50

    How about 424 Failed Dependency? The spec describes it as:

    The method could not be performed on the resource because the requested action depended on another action and that action failed.

    But there is also this definition:

    Status code 424 is defined in the WebDAV standard and is for a case where the client needs to change what it is doing - the server isn't experiencing any problem here.

    You can tell the client (or pretend) that you have internal actions which are supposed to create the order, and deduct the balance, and that one of those actions failed, albeit for perfectly valid reasons, and that's why the request failed.

    As far as I can see, "action" is quite a broad term, and can be used in a variety of situations, including insufficient stock, insufficient credit, or warehouse party night.

    Another option might be 422 Unprocessable Entity:

    The server understands the content type of the request entity (hence a 415 Unsupported Media Type status code is inappropriate), and the syntax of the request entity is correct (thus a 400 Bad Request status code is inappropriate) but was unable to process the contained instructions.

    For example, this error condition may occur if an XML request body contains well-formed (i.e., syntactically correct), but semantically erroneous, XML instructions.

    Trying to request an item which is out of stock, or when you have insufficient credit, might be considered a mistake at the semantic level.

    MozDev says this indicates a mistake on the client side, specifically: The client should not repeat this request without modification.

    Loopback 4 uses 422 when input validation fails.

    Arguably, insufficient stock or warehouse party night could be considered temporary states, so the request could be retried again later. That situation can be indicated by 503 Service Unavailable

    The server is currently unable to handle the request due to a temporary overload or scheduled maintenance, which will likely be alleviated after some delay.

    The server MAY send a Retry-After header field to suggest an appropriate amount of time for the client to wait before retrying the request.

    0 讨论(0)
  • 栀梦
    2020-12-02 07:54

    You should use 4xx for a client error if the client can modify the request to get around the error. Use a 5xx for a server error that the client can't really work around.

    Product sold out would be a server error. The client can't modify the request in some fashion to get around the error. You could switch to another product but wouldn't that be a new request?

    User maximum order limit reached is also a server error. Nothing the client can do to work around that error.

    Credit card transaction failure would be a client error. The client could resubmit the request with a different payment method or credit card number to work around the error.

    0 讨论(0)
  • 轻奢々
    2020-12-02 07:54

    I know this question is old, but I came up with the very same question today. If my user runs out of credits, what status code should my REST API return?

    I tend to lean towards 402 Payment Required:

    According to Wikipedia:

    Reserved for future use. The original intention was that this code might be used as part of some form of digital cash or micropayment scheme, but that has not happened, and this code is not usually used. Google Developers API uses this status if a particular developer has exceeded the daily limit on requests.

    And indeed they do:

    PAYMENT_REQUIRED (402)

    • A daily budget limit set by the developer has been reached.
    • The requested operation requires more resources than the quota allows. Payment is required to complete the operation.
    • The requested operation requires some kind of payment from the authenticated user.
    0 讨论(0)
  • 情书的邮戳
    2020-12-02 07:55

    You should use 400 for business rules. Don't return 2xx if the order was not accepted. HTTP is an application protocol, never forget that. If you return 2xx the client can assume the order was accepted, regardless of any information you send in the body.

    From RESTful Web Services Cookbook:

    One common mistake that some web services make is to return a status code that reflects success (status codes from 200 to 206 and from 300 to 307) but include a message body that describes an error condition. Doing this prevents HTTP-aware software from detecting errors. For example, a cache will store it as successful response and serve it to subsequent clients even when clients may be able to make a successful request.

    I'll leave it to you to decide between 4xx and 5xx, but you should use an error status code.

    0 讨论(0)
  • 情书的邮戳
    2020-12-02 08:03

    I go with 406 Not Acceptable.

    Here's a 4xx list:

    const HTTP_BAD_REQUEST = 400;
const HTTP_UNAUTHORIZED = 401;
const HTTP_PAYMENT_REQUIRED = 402;
const HTTP_FORBIDDEN = 403;
const HTTP_NOT_FOUND = 404;
const HTTP_METHOD_NOT_ALLOWED = 405;
const HTTP_NOT_ACCEPTABLE = 406;
const HTTP_PROXY_AUTHENTICATION_REQUIRED = 407;
const HTTP_REQUEST_TIMEOUT = 408;
const HTTP_CONFLICT = 409;
const HTTP_GONE = 410;
const HTTP_LENGTH_REQUIRED = 411;
const HTTP_PRECONDITION_FAILED = 412;
const HTTP_REQUEST_ENTITY_TOO_LARGE = 413;
const HTTP_REQUEST_URI_TOO_LONG = 414;
const HTTP_UNSUPPORTED_MEDIA_TYPE = 415;
const HTTP_REQUESTED_RANGE_NOT_SATISFIABLE = 416;
const HTTP_EXPECTATION_FAILED = 417;
const HTTP_I_AM_A_TEAPOT = 418;                                               // RFC2324
const HTTP_MISDIRECTED_REQUEST = 421;                                         // RFC7540
const HTTP_UNPROCESSABLE_ENTITY = 422;                                        // RFC4918
const HTTP_LOCKED = 423;                                                      // RFC4918
const HTTP_FAILED_DEPENDENCY = 424;                                           // RFC4918
const HTTP_RESERVED_FOR_WEBDAV_ADVANCED_COLLECTIONS_EXPIRED_PROPOSAL = 425;   // RFC2817
const HTTP_UPGRADE_REQUIRED = 426;                                            // RFC2817
const HTTP_PRECONDITION_REQUIRED = 428;                                       // RFC6585
const HTTP_TOO_MANY_REQUESTS = 429;                                           // RFC6585
    0 讨论(0)
  • 滥情空心
    2020-12-02 08:07

    Error type:

    4×× Client Error

    Error code:

    422 Unprocessable Entity

    The server understands the content type of the request entity (hence a 415 Unsupported Media Type status code is inappropriate), and the syntax of the request entity is correct (thus a 400 Bad Request status code is inappropriate) but was unable to process the contained instructions.

    For example, this error condition may occur if an XML request body contains well-formed (i.e., syntactically correct), but semantically erroneous, XML instructions.

    https://httpstatuses.com/422

    0 讨论(0)
 看不清?
提交回复
热议问题