Checking HTTP status 400 versus checking
While RFC 7231 was intended to be of clarity, it obviously caused ambiguity about the 400 status code. Note this Answer and Comments . One person says 400 now includes boolean, application or validation , another says 400 is still only for syntactic or validation .
6.5.1. 400 Bad Request
The 400 (Bad Request) status code indicates that the server cannot or will not process the request due to what is perceived as a client error ( such as invalid request syntax, invalid message display request, or deceptive request routing ).
I would like a more definitive answer about this. Consider two scenarios where POST or PUT tried to provide an email address:
- The email address found in the validation request was not found (for example, it contains "hello # gmail.com"). Reply to 400 is sent.
- The email address found in the validation request was not found (for example, another user is already using this address). A ??? reply sent.
I want to follow RFC 7231. My reading 6.5.1 tells me that a validation error should get a 409 (or 422) response. But others disagree and argue that it should now be 400.
Does anyone have more information to resolve this ambiguity?
source to share
200 is a fine status code to send in this situation. After all, if HTML forms return 4xx, when do you not enter a valid zip code?
Status codes are for general consumption, not application semantics. They are useful when a non-specific recipient - like a proxy, cache, HTTP library - might be doing something interesting when it arrives.
Thus, 400 should be used when there are errors related to client problems (e.g. bad HTTP request syntax ). This was made more general in 7231 because the x00 status codes are the most general of their series and should be considered fallback when no more specific status code is defined.
You can also use 400 for a validation error, and in theory it would be a little helpful in that the HTTP library knows not to repeat this request - but of course, you shouldn't worry too much if it's 200.
source to share