AgroDataCube / api-v1

AgroDataCube API service Version 1 - A newer version is in use now.
Send response status 401 Unauthorized when token is expired or reached limits #43

Closed robknapen closed 4 years ago

robknapen commented 6 years ago

Currently when no token, an invalid or expired token, or a token with exceeded limits, is sent in the request, the server responds with an HTTP 500 status (Internal Server Error). A 4xx error such as 401 makes more sense.

yke commented 6 years ago

I discussed this last week with Inge. Besides the status 500, a valid message (JSON) is also returned indicating the problem. So her suggestion was to return an HTTP 200 and a valid message (JSON) indicating the issue. In many cases when a non-200 HTTP code is returned, textual results are either unexpected or not accessible.

robknapen commented 6 years ago

I would prefer using the standardized http status codes (such as 400, 401, 403, 404) where appropriate.

If we do deviate from that we have to clearly document how we use the http codes and what custom json status messages clients should expect. And maybe make them more machine processable by adding an error code.
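
Added example, not part of the original thread or the AgroDataCube code base: a token check that answers each failure case named in this issue with a 4xx status and a JSON body carrying a machine-readable error code. The token store, the error code names, the `Bearer` challenge and the use of 429 for exceeded limits are assumptions of this example; the issue title proposes 401 for that case.

```python
import json
import time

# Constructed token store; field names and values are assumptions for illustration.
TOKENS = {
    "tok-valid":   {"expires": 2_000_000_000, "limit": 100, "used": 5},
    "tok-expired": {"expires": 1_000_000_000, "limit": 100, "used": 5},
    "tok-maxed":   {"expires": 2_000_000_000, "limit": 100, "used": 100},
}

def _error(status, code, message, headers=None):
    """Build a (status, headers, json_body) triple with a machine-readable code."""
    body = json.dumps({"status": status, "code": code, "message": message})
    return status, {"Content-Type": "application/json", **(headers or {})}, body

def check_token(token, now=None):
    """Return None when the request may proceed, else an error response triple."""
    now = time.time() if now is None else now
    # A 401 response carries a WWW-Authenticate challenge (scheme assumed here).
    challenge = {"WWW-Authenticate": 'Bearer realm="api"'}
    if not token:
        return _error(401, "TOKEN_MISSING", "No token supplied", challenge)
    record = TOKENS.get(token)
    if record is None:
        return _error(401, "TOKEN_INVALID", "Token not recognised", challenge)
    if now >= record["expires"]:
        return _error(401, "TOKEN_EXPIRED", "Token has expired", challenge)
    if record["used"] >= record["limit"]:
        return _error(429, "LIMIT_EXCEEDED", "Request limit reached")
    record["used"] += 1  # count only requests that are actually served
    return None

def handle(token, now=None):
    """Hypothetical request handler: an auth failure is a 4xx, never a 500 or a 200."""
    denied = check_token(token, now)
    if denied:
        return denied
    return 200, {"Content-Type": "application/json"}, json.dumps({"features": []})
```

A client can branch on the status code first and read `code` from the body only when it needs the specific reason.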

yke commented 4 years ago

Will not be solved due to existence of V2