I'm using Spring Boot and controllers I'm feeling difficulty to treat some errors, for this reason I have some questions about the most appropriate status for each of the following situation:
PUT Object no Id
Put the URL localhost:8080/users/1 with a JSON without the Id attribute.
PUT Object with different parameter Id
Put the URL localhost:8080/users/1 with a JSON with Id 2, ie, different from what was passed in the parameter.
GET with invalid parameter
GET on the URL localhost:8080/users/search?sex=ABC, or an invalid sex for the system (the correct would be sex = male or female?).
JSON POST with id
Performing a POST in order to persist the data (create) but with id.
Case 1. Id is in the uri : no error
Case 3. "400 Bad request" is acceptable. (client should not retry the exact same request)
Cases 2. and 4. Just ignore the Id from the body and return 200 or return a "400 Bad Request"
Note that the id shouldn't be seen as an attribute of the resource: it is a part of the resource identifier.
Related
I'm using the HTTPClient ruby library for making some basic http requests to a REST service I have develop and im wondering now how can I get the response from the service when an error occurred (a status code like 400 or 500 is returned from the service).
What my service does is return the stock of a product in a center, so it takes two parameters (in the url): a product id and a center id. When I call this service passing correct product and center ids the service returns me a 200 - OK status and the stock of the product (for example, 8.0 indicating there are 8 units of the product in that center). However, if I pass a wrong product id (one that is not in our database) the service returns 400 - Bad Request and an error message indicating that the id does not exists.
So I have a method like the following in Ruby
def stock(product, location)
response = #client.get_content("stock/#{product}/#{location}")
end
#client is an instance created with HTTPClient.new that I have configured. On passing ''right'' arguments it returns me what I want so it is well configured
My problem now is that when the service returns an error status code an HTTPClient::BadResponseError exception is thrown and I'm not able to retrieve this error in the response variable.
Is there a way to get the response from the service, no matter which status code it returns? I tried using begin...rescue and I can get some information like the status code and the reason phrase, but not the content of the response (the error message)
You're using get_content which skips a few steps and returns the content. Instead step back and use get which will return a more complete response structure that includes, among other things, the status field you want:
def stock(product, location)
response = #client.get("stock/#{product}/#{location}")
body = response.body
status = response.status
end
I am creating a simple API to validate a membership. Client will have to input a String ID and Server will check if the ID is a valid member of our, lets say, community. The ID must be numeric only, with length 10.
Quite simple right?
If the ID is a valid, of course we will return HTTP Status Code OK.
If the ID is contains alfabet, or less/more than 10, then we will return HTTP Status Code BAD REQUEST.
The question is, what is the best practive HTTP Status Code to return when the ID is numeric and length = 10, but is NOT a member of our community? and why is that.
The endpoints of a REST API are normally resources on which you act using HTTP methods like GET,PUT,POST,DELTE. When you do it like that, its much easier to decide which HTTP status to return.
So may be you could make an endpoint
/member/{id}
if a member with this id exists, return HTTP 200 and if you want some JSON with basic member info
if the id is valid, but no member exists, return HTTP 404 - NOT FOUND
if the id is not valid, length !=10 or contains invalid chars, return a HTTP 400 BAD REQUEST
Here you can find more about REST API design
We have a Java based web application where we use HDIV as our security framework. Fundamentally our app does not have any form tags, rather we have many AJAX calls which brings JSON/HTML response with which the cards in the pages are constructed.
We are making use of POST requests while dealing with sensitive data. Those data's are sent in POST request body. In order to be security compliant we do not include POST requests URL in the hdiv:startPages and if we do that we are getting HDIV related exceptions in our error log saying that "HDIV_PARAMETER_NOT_EXISTS;" we googled around and found that it is expecting the state ID and from these URL's (https://github.com/hdiv/hdiv/wiki/Appendix-C:-Ajax and https://github.com/hdiv/spring-mvc-showcase/blob/master/src/main/webapp/WEB-INF/views/partialform.jsp)we figured out how the HDIV state ID can be added for AJAX end points.
But the catch here is if the state ID is generated and appended as a query parameter to the AJAX end URL then HDIV is not throwing any exceptions since it identifies the state ID parameter from the end URL. On the other hand if we try to add the state ID in the request body then it throws the exception stating that the "HDIV_PARAMETER_NOT_EXISTS;".
Precisely,
We are not suppose to include POST request AJAX end point in hdiv:startPages
In order to do that we should append the state ID as part of the URL
That state ID should be in POST request body and not as a query parameter in the URL.
HDIV exception is thrown when state ID is in the request body and works only if it is available as a query parameter in the end point. For POST requests generally it is not recommended to add a parameter as a query string value.
It would be great if some one could guide us in this regard.
Thanks!!!
Sai
Same issue was answered in HDIV's Github issue tracker: https://github.com/hdiv/hdiv/issues/83
I hope it helps!
Gotzon Illarramendi(HDIV Team)
In Web API v2 when you supply data in the POST body that are not part of the model, they are ignored by the framework. This is fine in most cases, but I need to check this and return an error response, so the user doesn't get unexpected results (he expects these wrong parameters to do something...).
So how do I check for this? The model will be null, but when the framework has parsed the data and returned a null-model, I can no longer access the body through Request.Content. So what options are there?
One way is to derive your DTO class from DynamicObject. Check out my blog post: http://lbadri.wordpress.com/2014/01/28/detecting-extra-fields-in-asp-net-web-api-request/
In my Cappuccino frontend I'm using Ratatosk to make queries to a RESTful JSON-based API.
When I create a new resource with
[myNewResource ensureCreated];
my backend returns the status code 201 and a Location header with the URI of the newly created resource. The response body is empty. As far as I know, that's the way a REST API should react to successful POST requests.
But upon receiving the response, Ratatosk calls
- (void)connection:(CPURLConnection)aConnection didReceiveData:(CPString)data
(in WLRemoteLink.j) and tries to decode the response body. This throws an error because the response body is empty. As a consequence, the request is repeated infinitely.
How should I go about this? Am I supposed to return the whole resource in the response body?
EDIT:
Returning the ID in the response solved the problem, like
{"id":1}
Ratatosk expects the status code 204 (no content) if the response is to be empty. Otherwise it expects the full representation of the resource which was just created (which it uses to populate server side dynamic properties locally like created_at).