So status only exists in one case, and it is hard to detect the problem (temporary vs permanent, user error (wrong url) vs resource not found) from the message. IMO it should be present in all cases. Further, I think it is bad to send the full error message to the client, exposing internals.
For a successful request (https://cp-aec-stg.cert.at/api/1.0/ripe/contact?cidr=83.136.39.0/24), this is the response:
Errors (https://cp-aec-stg.cert.at/api/1.0/ripe/contact?cidr=127.0.0.0/8):
https://cp-aec-stg.cert.at/api/1.0/ripe/contact?cidr=127.0.0.asd23/8
And failed authentication:
So status only exists in one case, and it is hard to detect the problem (temporary vs permanent, user error (wrong url) vs resource not found) from the message. IMO it should be present in all cases. Further, I think it is bad to send the full error message to the client, exposing internals.