SyntaxFix

[http] REST response code for invalid data

What response code should be passed to client in case of following scenarios?

  1. Invalid data passed while user registration like wrong email format
  2. User name/ Email is already exists

I chose 403. I also found following that I feel can be used.

Wikipedia:

412 Precondition Failed : The server does not meet one of the preconditions that the requester put on the request

Suggest code if I should use other than 403.

This question is related to http rest jax-rs

The answer is

If the request could not be correctly parsed (including the request entity/body) the appropriate response is 400 Bad Request [1].

RFC 4918 states that 422 Unprocessable Entity is applicable when the request entity is syntactically well-formed, but semantically erroneous. So if the request entity is garbled (like a bad email format) use 400; but if it just doesn't make sense (like @example.com) use 422.

If the issue is that, as stated in the question, user name/email already exists, you could use 409 Conflict [2] with a description of the conflict, and a hint about how to fix it (in this case, "pick a different user name/email"). However in the spec as written, 403 Forbidden [3] can also be used in this case, arguments about HTTP Authorization notwithstanding.

412 Precondition Failed [4] is used when a precondition request header (e.g. If-Match) that was supplied by the client evaluates to false. That is, the client requested something and supplied preconditions, knowing full well that those preconditions might fail. 412 should never be sprung on the client out of the blue, and shouldn't be related to the request entity per se.

I would recommend 422. It's not part of the main HTTP spec, but it is defined by a public standard (WebDAV) and it should be treated by browsers the same as any other 4xx status code.

From RFC 4918:

The 422 (Unprocessable Entity) status code means the server understands the content type of the request entity (hence a 415(Unsupported Media Type) status code is inappropriate), and the syntax of the request entity is correct (thus a 400 (Bad Request) status code is inappropriate) but was unable to process the contained instructions. For example, this error condition may occur if an XML request body contains well-formed (i.e., syntactically correct), but semantically erroneous, XML instructions.

It is amusing to return 418 I'm a teapot to requests that are obviously crafted or malicious and "can't happen", such as failing CSRF check or missing request properties.

2.3.2 418 I'm a teapot

Any attempt to brew coffee with a teapot should result in the error code "418 I'm a teapot". The resulting entity body MAY be short and stout.

To keep it reasonably serious, I restrict usage of funny error codes to RESTful endpoints that are not directly exposed to the user.

Source: Stackoverflow.com

Examples related to http

Access blocked by CORS policy: Response to preflight request doesn't pass access control check Axios Delete request with body and headers? Read response headers from API response - Angular 5 + TypeScript Android 8: Cleartext HTTP traffic not permitted Angular 4 HttpClient Query Parameters Load json from local file with http.get() in angular 2 Angular 2: How to access an HTTP response body? What is HTTP "Host" header? Golang read request body Angular 2 - Checking for server errors from subscribe

Examples related to rest

Access blocked by CORS policy: Response to preflight request doesn't pass access control check Returning data from Axios API Access Control Origin Header error using Axios in React Web throwing error in Chrome JSON parse error: Can not construct instance of java.time.LocalDate: no String-argument constructor/factory method to deserialize from String value How to send json data in POST request using C# How to enable CORS in ASP.net Core WebAPI RestClientException: Could not extract response. no suitable HttpMessageConverter found REST API - Use the "Accept: application/json" HTTP Header 'Field required a bean of type that could not be found.' error spring restful API using mongodb MultipartException: Current request is not a multipart request

Examples related to jax-rs

Java 8 LocalDate Jackson format File upload along with other object in Jersey restful web service Best practice for REST token-based authentication with JAX-RS and Jersey MessageBodyWriter not found for media type=application/json Can not deserialize instance of java.util.ArrayList out of START_OBJECT token Read response body in JAX-RS client from a post request What is the difference between JAX-RS and JAX-WS? javax.xml.bind.JAXBException: Class *** nor any of its super class is known to this context When to use @QueryParam vs @PathParam How to set up JAX-RS Application using annotations only (no web.xml)?

Tags

Asp.net-caching Tuareg Linegraph Vim-plugin Web-optimization Date-arithmetic Penetration-testing Unrealscript Facebox Windowsphotogallery Grayscale System.type Offline-mode Crud Method-names Rapid-prototyping Google-instant-previews Installshield-2009 Motherboard Roguelike Xemacs Windows-2003-webserver Djvu Durability Model-binding Approximation Ora-01555 Math.h Oma-dm Dword Winsxs Fmod Armv7 Generic-relations Maven-ant-tasks Idhttp Select-case Misra Gaeunit Backupexec Serializable Ergonomics Synthesis Nsfontpanel Mse Modern-runtime Android-livefolders Vhd Hyphenation Azure-worker-roles Root-node Ora-02291 Microsoft-reporting Transplant Desktop-recording Apache-tuscany Subprocess Android Data-harvest Line-through Pseudo-class Js.class Soft-references Href Screen-scraping Acts-as-ferret Apple-radar Samba Uidocumentinteraction Corecon Getdibits Conditional-statements Tivo Simpledateformat Fbx Contrast Spaces Mirroring Uilocalnotification Wcf-http Kml Mediaplayback Retro-computing Clique-problem Scrap-your-boilerplate Bcd Package-private Traceswitch Easymock Webarchive Stack Address-bar Dotproject Windows-nt Lockless Duplex Bzr-svn Application-integration Infinity Nhibernate-metadata