Differentiating public API responses from authenticated API responses

I'm building an API which I would like to utilize in both my web app and on a public facing website. Its behavior is simple:

  • If an authenticated request is made, return all data for the resource(s).
  • If an unauthenticated request is made, return public/published data for the resource(s).

I figured I would look into using status codes to differentiate the responses based on the two behaviors above instead of utilizing metadata in the response.

Is it acceptable to use a status code of 200 for the first behavior and 206 for the second behavior?

It's unclear to me if 206 is used properly in this instance according to http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html


    Is it acceptable to use a status code of 200 for the first behavior and 206 for the second behavior?

No, it is not acceptable. 206 Partial Content is the status given in response to explicit requests for some particular range of bytes from the full response. As documented under section 10.2.7:

    The request MUST have included a Range header field (section 14.35) indicating the desired range

In your case, an "unauthenticated request" will not per se include a Range header and therefore a 206 response would violate the specification.
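An added example (not code from the original question or answer) of the pattern the answer points to: both the authenticated and the anonymous branch return 200, the anonymous body is cut down to an explicit field allowlist so unpublished fields never leak, scope is signalled in metadata, and 206 is only emitted when the client actually sent a Range header. The resource, the bearer token and the X-Auth-Scope header are constructed for the demo and are not part of any real API.

```python
import hmac
import json

# Constructed sample resource mixing published and private fields (not from the post).
RESOURCE = {
    "id": 42,
    "title": "Public post",
    "body": "Visible to everyone",
    "draft_notes": "Internal only",
    "owner_email": "owner@example.com",
}
# Allowlist for anonymous callers; any field not listed is stripped.
PUBLIC_FIELDS = ("id", "title", "body")
# Hypothetical bearer token for the demo; a real API looks it up in a store.
VALID_TOKEN = "constructed-demo-token"

def is_authenticated(headers: dict) -> bool:
    """True only when Authorization carries the known bearer token."""
    value = headers.get("Authorization", "")
    if not value.startswith("Bearer "):
        return False
    # constant-time compare so a wrong token does not leak timing information
    return hmac.compare_digest(value[len("Bearer "):], VALID_TOKEN)

def project(resource: dict, authenticated: bool) -> dict:
    """Full object for authenticated callers, allowlisted subset otherwise."""
    if authenticated:
        return dict(resource)
    return {k: resource[k] for k in PUBLIC_FIELDS if k in resource}

def handle_get(headers: dict, resource: dict = RESOURCE):
    """Return (status, headers, body); the status reflects transport, not auth scope."""
    authed = is_authenticated(headers)
    payload = json.dumps(project(resource, authed)).encode()
    # Vary tells shared caches that the body depends on the credential presented.
    out = {"Content-Type": "application/json", "Vary": "Authorization"}
    rng = headers.get("Range", "")
    if rng.startswith("bytes="):
        # 206 is only legitimate as the answer to an explicit Range request.
        start_s, _, end_s = rng[len("bytes="):].partition("-")
        start = int(start_s) if start_s.isdigit() else -1
        end = min(int(end_s) if end_s.isdigit() else len(payload), len(payload) - 1)
        if 0 <= start <= end:
            out["Content-Range"] = f"bytes {start}-{end}/{len(payload)}"
            return 206, out, payload[start:end + 1]
        return 416, {"Content-Range": f"bytes */{len(payload)}"}, b""  # unsatisfiable/malformed
    # Same 200 either way; the scope is signalled in metadata (hypothetical header).
    out["X-Auth-Scope"] = "full" if authed else "public"
    return 200, out, payload
```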
