What is your preferred API error response and why?(lemy.lol)

posted 5 months ago

iso@lemy.lol

programming@programming.dev

90 commentshide report

I prefer simplicity and using the first example but I’d be happy to hear other options. Here’s a few examples:

HTTP/1.1 403 POST /endpoint
{ "message": "Unauthorized access" }

HTTP/1.1 403 POST /endpoint
Unauthorized access (no json)

HTTP/1.1 403 POST /endpoint
{ "error": "Unauthorized access" }

HTTP/1.1 403 POST /endpoint
{
  "code": "UNAUTHORIZED",
  "message": "Unauthorized access",
}

HTTP/1.1 200 (🤡) POST /endpoint
{
  "error": true,
  "message": "Unauthorized access",
}

HTTP/1.1 403 POST /endpoint
{
  "status": 403,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized access",
}

Or your own example.

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments View context

[ - ]

Kogasa@programming.dev

5 points

5 months ago

There may be a need for additional information, there just isn’t any in these responses. Using a basic JSON schema like the Problem Details RFC provides a standard way to add that information if necessary. Error codes are also often too general to have an application specific meaning. For example, is a “400 bad request” response caused by a malformed payload, a syntactically valid but semantically invalid payload, or what? Hence you put some data in the response body.

permalink

report

parent

[ - ]

SorteKanin@feddit.dk

1 point

5 months ago

A plain 400 without explanation is definitely not great UX. But for something like 403, not specifying the error may be intentional for security reasons.

permalink

report

parent

[ - ]

b_n@sh.itjust.works

1 point

5 months ago

I know of some people that never use 403, but instead opt for 404 for security reasons. 403 implies that there is something they could have access to, but don’t.

I think in some situations that this can be valid, but it shouldn’t be a crux.

permalink

report

parent

[ - ]

SorteKanin@feddit.dk

2 points

5 months ago

404 is definitely also used sometimes for hiding stuff that shouldn’t be seen, but 403 may still be appropriate for various stuff where there is nothing to hide. With 404 you probably also never want to give any explanation or error message.

permalink

report

parent

Programming

!programming@programming.dev

Create post

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person’s post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Follow the programming.dev instance rules
Keep content related to programming in some way
If you’re posting long videos try to add in some form of tldr for those who don’t want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev

Community stats

2.5K
Monthly active users
1.9K
Posts
30K
Comments

Rules

Wormhole

Community stats

Community moderators