Almik Oh! Give me a guitar, 2014-11-11 13:34:47
Yii

Are there any response standards in REST?

Hello!
In general, there is a REST API that some applications can access.
To begin with, the application passes authorization and receives a token. The application will later use this token to access the REST API. Question:
in case of failed authorization, or when the application submits an invalid token, how should the server respond (that is, based on what recommendations or standards)?
For example, at the moment I have authorization set up so that, if the application has submitted the wrong password, the following response is returned:

{
  "status": "error",
  "msg": "Wrong credentials!"
}

I would like to know from experts: is it correct to return such a response, or is there a standard response for such cases?
Thank you in advance for your reply.


3 answer(s)
Sergey Protko @Fesor, 2014-11-11

There are quite standard status codes:
401 - you need to log in. In this case, on the client, we must ask the user to enter a username and password.
403 - you do not have rights to this action. For example, a user tried to delete something or do something for which he does not have rights.
422 - unprocessable entity (I cannot process the entity). That is, the data in the request is not valid for us: the password or email was not entered, and so on.
404 - a user with this username and password does not exist.
Whether to add a message explaining the problem to the response body is up to you. Ideally it is worth adding, because then we can take error messages from the server, or provide them to the client. But in any case, errors must be distinguished by status codes.
restpatterns.org/HTTP_Status_Codes

Alexander Makarov @SamDark, 2014-11-11

As for the status codes: approximately yes. Approximately, because sometimes it varies.
As for the structure of the response: no.

Mikhail Osher @miraage, 2014-11-11

My opinion (with corrections by Sergey Protko, thanks to him):
When a guest requests resources that require authorization: return 401.
When a guest logs in with incorrect data: 422.
When a user requests resources but lacks the necessary access rights: 403.
When the required CSRF / API token is missing from the request: 422.
And give explanations; that is your choice. Most importantly, describe all the cases in the documentation if someone else will use the API.
