Barolina/http status.md

## http status.md

      
    Raw
  

              http status.md
            
          
    HTTP Return Code

HTTP defines status code. When designing REST API, don't just use 200 for success or 404 for error. Always use the semantically appropriate status code for the response.
Here is a non-exhaustive selection of security related REST API status codes. Use it to ensure you return the correct code.


Code
Message
Description


200
OK
Response to a successful REST API action. The HTTP method can be GET, POST, PUT, PATCH or DELETE.


201
Created
The request has been fulfilled and resource created. A URI for the created resource is returned in the Location header.


202
Accepted
The request has been accepted for processing, but processing is not yet complete.


301
Moved Permanently
Permanent redirection.


304
Not Modified
Caching related response that returned when the client has the same copy of the resource as the server.


307
Temporary Redirect
Temporary redirection of resource.


400
Bad Request
The request is malformed, such as message body format error.


401
Unauthorized
Wrong or no authentication ID/password provided.


403
Forbidden
It's used when the authentication succeeded but authenticated user doesn't have permission to the request resource.


404
Not Found
When a non-existent resource is requested.


405
Method Not Acceptable
The error for an unexpected HTTP method. For example, the REST API is expecting HTTP GET, but HTTP PUT is used.


406
Unacceptable
The client presented a content type in the Accept header which is not supported by the server API.


413
Payload too large
Use it to signal that the request size exceeded the given limit e.g. regarding file uploads.


415
Unsupported Media Type
The requested content type is not supported by the REST service.


429
Too Many Requests
The error is used when there may be DOS attack detected or the request is rejected due to rate limiting.


500
Internal Server Error
An unexpected condition prevented the server from fulfilling the request. Be aware that the response should not reveal internal  information that helps an attacker, e.g. detailed error messages or  stack traces.


501
Not Implemented
The REST service does not implement the requested operation yet.


503
Service Unavailable
The REST service is temporarily unable to process the request. Used to inform the client it should retry at a later time.
Code	Message	Description
200	OK	Response to a successful REST API action. The HTTP method can be GET, POST, PUT, PATCH or DELETE.
201	Created	The request has been fulfilled and resource created. A URI for the created resource is returned in the Location header.
202	Accepted	The request has been accepted for processing, but processing is not yet complete.
301	Moved Permanently	Permanent redirection.
304	Not Modified	Caching related response that returned when the client has the same copy of the resource as the server.
307	Temporary Redirect	Temporary redirection of resource.
400	Bad Request	The request is malformed, such as message body format error.
401	Unauthorized	Wrong or no authentication ID/password provided.
403	Forbidden	It's used when the authentication succeeded but authenticated user doesn't have permission to the request resource.
404	Not Found	When a non-existent resource is requested.
405	Method Not Acceptable	The error for an unexpected HTTP method. For example, the REST API is expecting HTTP GET, but HTTP PUT is used.
406	Unacceptable	The client presented a content type in the Accept header which is not supported by the server API.
413	Payload too large	Use it to signal that the request size exceeded the given limit e.g. regarding file uploads.
415	Unsupported Media Type	The requested content type is not supported by the REST service.
429	Too Many Requests	The error is used when there may be DOS attack detected or the request is rejected due to rate limiting.
500	Internal Server Error	An unexpected condition prevented the server from fulfilling the request. Be aware that the response should not reveal internal information that helps an attacker, e.g. detailed error messages or stack traces.
501	Not Implemented	The REST service does not implement the requested operation yet.
503	Service Unavailable	The REST service is temporarily unable to process the request. Used to inform the client it should retry at a later time.