which http status code for payload validation...

[miqui]

hi 

i am designing a RESTful API in which one route simply validates the JSON payload submitted in the request. I am thinking that the "resource" in this case is the result of this validation and that the HTTP status

code returned should be 200 and not any of the 4xx series. The request is valid, but the result did not pass validation based on business rules.  The consumer of the API is inclined and/or expects the API to probably 

return a 4xx.  With a status of 200, you then have to inspect the JSON response message explaining where the validation failed. .. thoughts?  thanks.

rgds,

miqui

[sune jakobsson]

In cases where the input is valid, but the processing is asynchronous, the use of 202 "Accepted" is used. Then the status can be obtained later, and depending on the processing result, the server can return an appropriate status or error message.

Sune

--
You received this message because you are subscribed to the Google Groups "API Craft" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-craft+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/api-craft.
For more options, visit https://groups.google.com/d/optout.

[Jørn Wildt]

> With a status of 200, you then have to inspect the JSON response message explaining where the validation failed

You would probably have to do the same for any 4xx code: I would expect this kind of validation to return more info than just "not valid". It should include details about why - and that needs to be included in the body.

But, since your resource is a validation resource, I would expect that any expected output of the validation should be 200 indicating "I did the validation - and the validation process ran 200 OK. Here is the result: X is too small, Y should be a date, Z+W should be a prime number..

If your resource returns 400 it would indicate "I did try to run the validation, but the input you supplied is not valid (I do not understand it), so I cannot do the validation you asked me to do".

There is a "meta level" involved here which playes with your normal understanding of the status codes :-)

/Jørn

--

[miqui]

..hi, Jorn (how do you gen a "o with a slash" char? - i am on a Mac)

.I agree with your meta comment.... thanks.

rgds,

miqui

To unsubscribe from this group and stop receiving emails from it, send an email to api-craft+...@googlegroups.com.

[Lukas Rosenstock]

Hello miqui,

if you have an API endpoint which is specifically for validation I would to it like this: For example, if you endpoint validates email addresses and requires an input field called email then if that field is missing it should be a 400 error. However if it contains an invalid address the endpoint should still return 200 because there’s nothing wrong with the way the API was called but with the user’s input.

This works also better with some client libraries.

You could return a JSON struct such as { „valid“ : true } or { „valid“ : false } as a response; and in the false case add some fields which describe the error and give some hints on how to produce a valid input.

Lukas Rosenstock

https://cloudobjects.io/

[miqui]

hi Lukas...... indeed, this is pretty much what i am doing now...  thanks!

rgds,

miqui