HTTP 403 or 406 for post requirements violation?

Simple question:

I have a POST endpoint which expects some text input. The text input must not be longer than x characters. If it is I'll respond with an error message.

But which HTTP status code will be the correct one?

0.4.4 403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. [..]

10.4.7 406 Not Acceptable

The resource identified by the request is only capable of generating response entities which have content characteristics not acceptable according to the accept headers sent in the request.

10.4.18 417 Expectation Failed

The expectation given in an Expect request-header field [..] could not be met by this server [..]

Source: w3.org


I guess that's existed question. Shortly the proper HTTP Code is 400 + optional description .

You can checkout more detailed answer here: REST HTTP status codes for failed validation or invalid duplicate


In my opinion none .

You shouldn't use HTTP status code as some kind of validation/programming around it to get specific result. 4xx codes define what is wrong with request and resource(resource not found, request not authorized, resource forbidden etc.), they shouldn't be used to determine whether some textboxes values in request's body are correct.

Personally I prefer returning HTTP 200 status code and just returning some message in it(or sometimes HTTP 500 because validation throws an error). Anyway, for most users you should catch an error on the client side with some kind of JS validation, not by catching it from API.

If you really want to use HTTP status code to some kind of application logic, I'd suggest using HTTP 400 since it defines following constraint: The client SHOULD NOT repeat the request without modifications.

链接地址: http://www.djcxy.com/p/45432.html

上一篇: ReST:201创建后,用于轮询资源的http 204状态码

下一篇: HTTP 403或406是否违反邮政要求?