I am currently implementing a “token” REST service.
A token is just a string, built from some parameters, which is then hashed and expires after a certain amount of time.
I want to have an endpoint in my REST service which can validate a token, but I’m not 100% sure how to implement it in a RESTful way
- I assume this should be done via GET because it doesn’t change state and, so long as I set cache controls correctly, it can be cached for a sensible amount of time, i.e. mysite.com/token/kjfhwekjfwekj
- What are the appropriate return codes? I would assume 200 if it is valid, but what about if it’s invalid? I feel a 400 is wrong because although the resource itself is invalid, the client isn’t calling the endpoint incorrectly. Is 404 correct here? If we think of tokens as short-lived resources I guess so?
GET is the correct HTTP verb to check a token. Assuming that ‘invalid’ for a token means that:
Do you want the client of your service to be able to know the difference?
404 Not Found for case 1, and 410 Gone for case 2.
404 Not Found.
If the token exists, 200 OK is correct.
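As an added illustration of the status-code scheme in the answer above (not code from the question or answer), here is a minimal handler for GET /token/{token}: it stores only a hash of each token, returns 404 for an unknown token, 410 (or 404, if you do not want callers to learn that a token once existed) for an expired one, and 200 for a valid one with a Cache-Control max-age bounded by the remaining lifetime. The in-memory store, the 60-second cache cap and the function names are assumptions for the example.

```python
import hashlib
import time

# Constructed in-memory store: sha256(token) -> expiry (unix seconds).
# Only the digest is kept, so a leaked store does not yield usable tokens.
TOKENS = {}

# Assumed upper bound on how long a 200 may be cached, even if the token
# has more lifetime left; keeps revocation latency bounded.
MAX_CACHE_S = 60


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(token: str, lifetime_s: int, now: float = None) -> None:
    """Register a token that expires lifetime_s seconds from now."""
    now = time.time() if now is None else now
    TOKENS[_digest(token)] = now + lifetime_s


def check_token(token: str, distinguish_expired: bool = True, now: float = None):
    """Handle GET /token/<token>; returns (http_status, response_headers)."""
    now = time.time() if now is None else now
    # Lookup is on the digest, so the raw token is never compared directly.
    expiry = TOKENS.get(_digest(token))
    no_store = {"Cache-Control": "no-store"}  # never cache a negative answer
    if expiry is None:
        return 404, no_store                   # case 1: token never existed
    if now >= expiry:
        # case 2: token existed but is expired. 410 tells the client it will
        # never become valid again; 404 hides whether it ever existed.
        return (410 if distinguish_expired else 404), no_store
    # Valid: a cached 200 must not outlive the token itself.
    max_age = max(0, min(int(expiry - now), MAX_CACHE_S))
    return 200, {"Cache-Control": f"private, max-age={max_age}"}


if __name__ == "__main__":
    issue_token("kjfhwekjfwekj", lifetime_s=300, now=1000)
    print(check_token("kjfhwekjfwekj", now=1100))   # (200, max-age=60)
    print(check_token("kjfhwekjfwekj", now=1300))   # (410, no-store)
    print(check_token("unknown", now=1300))         # (404, no-store)
```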