I’m developing a RESTful application that integrates with other webservices.
My question is, which HTTP status should I return if my client posts data that is invalid for one of those webservices? For example, if it posts a name that is invalid for a webservice that my application uses, which of the 4** status codes should I return, considering it’s a user input error?
Some considerations I’ve made, and why I’m not comfortable of using them:
- 400: The data is invalid, but not the request format itself
- 403: The server is not refusing to respond, although the data is invalid
- 406: The error is in a provided parameter, not in the “accept” header
- 412: The error has nothing to do with “If-Match” header
So, what would you use in this case?
In real life, HTTP status codes for REST and other web services can be vague and hard to clearly specify. Things also get interesting if your client is actually talking to a proxy server and that proxy sends back its own status. If there’s a problem in your web service (perhaps below your app) you may just get 500.
In the past I would opt for returning 200 and using your own JSON-or-whatever structure for returning error information for your client.