What is optimal HTTP response Code when not reporting 200 (everything OK) but error in input?
Like, you submit some data to server, and it will response that your data is wrong
using 500 looks more like Server Issue
using 200 with warning/error response text is bad (allowing caching and everything is not OK)
using 204 and returning nothing, is maybe good (but well supported?)
using 404 is wrong if requested path (script) is available and in proper place
We had the same problem when making our API as well. We were looking for an HTTP status code equivalent to an InvalidArgumentException. After reading the source article below, we ended up using 422 Unprocessable Entity which states:
The 422 (Unprocessable Entity) status code means the server understands the content type of the request entity (hence a 415 (Unsupported Media Type) status code is inappropriate), and the syntax of the request entity is correct (thus a 400 (Bad Request) status code is inappropriate) but was unable to process the contained instructions. For example, this error condition may occur if an XML request body contains well-formed (i.e., syntactically correct), but semantically erroneous, XML instructions.
source: https://www.bennadel.com/blog/2434-http-status-codes-for-invalid-data-400-vs-422.htm
Codes starting with 4 (4xx) are meant for client errors. Maybe 400 (Bad Request) could be suitable to this case? Definition in http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html says:
"The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications. "
409 Conflict could be an acceptable solution.
According to: https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
The request could not be completed due to a conflict with the current state of the resource. This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request. The response body SHOULD include enough information for the user to recognize the source of the conflict. Ideally, the response entity would include enough information for the user or user agent to fix the problem; however, that might not be possible and is not required.
The doc continues with an example:
Conflicts are most likely to occur in response to a PUT request. For example, if versioning were being used and the entity being PUT included changes to a resource which conflict with those made by an earlier (third-party) request, the server might use the 409 response to indicate that it can't complete the request. In this case, the response entity would likely contain a list of the differences between the two versions in a format defined by the response Content-Type.
In my case, I would like to PUT a string, that must be unique, to a database via an API. Before adding it to the database, I am checking that it is not already in the database.
If it is, I will return "Error: The string is already in the database", 409.
I believe this is what the OP wanted: an error code suitable for when the data does not pass the server's criteria.
I recommend using 418 when client request something absurd that the server can't process. Like the server is a teapot but client is requesting coffee kind of stuff. Here is all the (400–499) client side error messages: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status#client_error_responses
404 - Not Found - can be used for The URI requested is invalid or the resource requested such as a user, does not exists.
Related
while I am running the script in j meter some http requests show 409 error.
I've recorded a website while executing the script in view results tree it shows 409 conflict error in some http requests.
As per HTTP Status 409 description:
The HTTP 409 Conflict response status code indicates a request conflict with the current state of the target resource.
Conflicts are most likely to occur in response to a PUT request. For example, you may get a 409 response when uploading a file that is older than the existing one on the server, resulting in a version control conflict.
So it looks like exactly your case: you recorded a request which modified some file and its timestamp is older that the current version in the system under test.
Inspect the request and perform parameterization of the request data, for example if there is a hard-coded date and/or time use i.e. __time() function to send the current timestamp.
See JMeter Parameterization: The Complete Guide for more hints
Most likely you are creating duplicate entities due to repeating the same requests. You have to make sure all entities are unique (if this is required by the system). You have to modify all http samplers that create something which should be unique.
I have given two url in csv file and trying to load that in jmeter. I am getting 503 response code.
As per HTTP 503 status code description
The HyperText Transfer Protocol (HTTP) 503 Service Unavailable server error response code indicates that the server is not ready to handle the request.
Common causes are a server that is down for maintenance or that is overloaded. This response should be used for temporary conditions and the Retry-After HTTP header should, if possible, contain the estimated time for the recovery of the service.
Note: together with this response, a user-friendly page explaining the problem should be sent.
Caching-related headers that are sent along with this response should be taken care of, as a 503 status is often a temporary condition and responses shouldn't usually be cached.
So I can think of at least 3 possible issues:
Your server is really overloaded, you can try checking Response Data tab of the View Results Tree listener - if you're lucky - you will the the aforementioned "user-friendly page explaining the problem"
Your request is malformed and server is sending 503 response instead of 4xx which indicates client-side error. Double check what URL(s) you're trying to open by looking into Request tab of the View Results Tree listener and try to open it in the browser. If you're building the URL from parts (i.e. host, port, protocol, query string, etc.) - you might want to check if the values are correctly read from the CSV file using Debug Sampler
I fail to see HTTP Header Manager in your Test Plan, some servers check the client Headers, for example User-Agent or Accept and may report an error if the required header is missing (i.e. indicating that the browser is not supported)
I'm developing an application which acts as an Http-Proxy for serving files from an external resource. It actually downloads the file from the external resource, checks for viruses and if the file is not infected, returns the file to the client.
My problem is, in case of the file is infected, what HTTP Status code my service should return? I suppose that any type of 4xx error codes is not appropriate for that situation because this class of code is intended for Client errors.
Is a 502 (Bad Gateway) error more appropriate?
Is there any kind of Standard that covers this situation?
I think you are right maestromarko : 502 Bad Gateway. Read the specifications here:
The 502 (Bad Gateway) status code indicates that the server, while
acting as a gateway or proxy, received an invalid response from an
inbound server it accessed while attempting to fulfill the request.
Your proxy is acting as a Gateway and he received what it conciders is invalid as there are virus in it.
It is not a 4xx class error, because whatever the client changes in the request, the result will still be an error.
See also this decision diagram
Http response codes are only meant to handle http specific conditions so I don't think there is a correct answer as such. But some possibilities...
204 - "The server successfully processed the request and is not returning any content"
403 - "The request was valid, but the server is refusing action"
https://en.m.wikipedia.org/wiki/List_of_HTTP_status_codes
I'm building an ODATA compliant API using ASP.NET WebAPI?
Got a question about how it should behave when a $filter has no results?
Should it return an empty collection? or send HTTP 404 response?
Any ideas/reasoning? I'm biased towards returning an empty collection, but would it violate a recommended practice?
Given you are not directly addressing an individual resource at a specific known Request-Uri (e.g. /resource/{uid}) and your collection is also a known addressable Request-Uri (e.g. /resource) then a 404 would be inappropriate.
An empty collection is what I would expect if I was consuming your API.
Stick to the OData specifications 3.0:
9.1.1. 200 OK Response Code
A GET, PUT, MERGE, or PATCH request MAY return 200 OK if the operation is completed successfully. In this case, the response body MUST contain the value of the entity or property specified in the request URL.
9.2.1. 404 Not Found Response Code
If the entity or collection specified by the request URL does not exist, the service SHOULD respond with 404 Not Found and an empty response body.
or even more precise in OData specifications 4.0
9.1.1 Response Code 200 OK
A request that does not create a resource returns 200 OK if it is completed successfully and the value of the resource is not null. In this case, the response body MUST contain the value of the resource specified in the request URL.
9.2.1 Response Code 404 Not Found
404 Not Found indicates that the resource specified by the request URL does not exist. The response body MAY provide additional information.
I do not think HTTP 404 should be used. The code is used to indicate a reference to a non-existing resource.
The HTTP code 204 (no content) might be a better choice then 404. But an empty collection is a better idea because it would make it easier to use the API.
When constructing an API response, which method is better for (manually) returning the status code to indicate the validity of the request:
1 - Embed a response code within the JSON response
{
'status_code' => 200,
'status_message' => 'OK',
'data' => { ... }
}
2 - Or is it better to modify the HTTP Headers Status field?
Request URL:http://somesite.com
Request Method:GET
Status Code: 200 (EDITING THIS ONE)
I would think that the HTTP Statuses should only be regarding connection errors and file retrieval errors that occur at the server level rather than altering this to address application level errors.
Any good articles and resources to read would be very appreciated as well.
I have found the best way to present errors in a REST Request is to change the HTTP Status Code to the proper error, and embed the error in the response.
If you are using JSON, it might look like this, with the status code set to 500 for this example:
{"error" : "An error has occurred while trying to read from the database."}
This is the same method that Microsoft CRM uses to report errors, and it has proved to be a good method; RESTFul applications will not fail to parse the response if they are expecting JSON (or XML, if you are using that).
This question addresses the same issue (perhaps from a slightly different perspective).
I think that, in general, if a request to a resource in your application results in an error condition, that fact should be reflected in the HTTP headers. You can use the application response to provide more detailed information.
Update: Here is an interesting mapping of application errors to status codes (used by Azure).