Let's say I'm building a backend endpoint /find-icon?q=apple as part of a large monolithic app. What it does is simply forward the request to a 3rd party service, FindIcon.com. Essentially it's a proxy except that it adds FindIcon.com API credentials.
What should this endpoint do in the case of a 400–599 status response from the 3rd party service? Specifically:
First, what status code should /find-icon return in case of a third-party error? Each class of codes seems to have downsides:
- 20x hides the error from the client. For example, it doesn't show up in red in the browser tab, making debugging harder.
- 40x seems semantically wrong, given that, according to the HTTP spec, "the 4xx (Client Error) class of status code indicates that the client seems to have erred".
- 50x on the backend or Load Balancer typically causes backend alerts, which are set to trigger when X amount of 50x errors occur in a given time frame. This will cause an on-call incident, waking up people, which may or may not be what