What would be the right HTTP status code to use for business errors like the one described above? We have reserved HTTP 500 for server errors that do not give ANY response, i.e. timeouts, internal code exceptions, etc., and want to use 200 only if the request has completed successfully, i.e. it's a success from the business and user's point of view (e.g. card authorization succeeded). Please share your inputs on this.
What are your thoughts on responding with HTTP status 409 along with a machine-readable error code in response body for all such cases, or do we need to consider this case by case?
The client code can map "payment.auth.failed" to a user-friendly message, say "Your credit card was declined. Please use a different card", since the service layer does not want to be responsible for maintaining the UI messages.
--
In my opinion it is important to consider how a client can recover from the error condition. This should not be based on out-of-band information. Building an arcane system of error codes where you redefine or restrict the meaning of status codes (403 is system, 409 is business) seems not so wise. Some HTTP status codes do define strategies for the client to follow on the application protocol level. If these are not sufficient, the server should guide the client by returning a document which contains the necessary hyperlinks to recover. In other words, use hypertext as the engine of application state. Return a document that has an action to try another card. That document represents the error state of your application. The client did nothing wrong, therefore 200 is appropriate.
See the uber mediatype for a suitable media type that supports actions [1]. There are others which are based on JSON (Hydra, Siren).
[1] https://rawgithub.com/mamund/media-types/master/uber-hypermedia.html
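
The approach from the reply above, as an added example that is not part of the thread: a client reads a Siren-style error-state document and derives its recovery request from the actions the server offers, while keeping the UI message mapping from the original question on the client side. The sample document, its URLs and field names, and the `recoveryOptions` helper are assumptions made for illustration.

```javascript
// Constructed sample: a Siren-style body the server could return when card
// authorization is declined. All names and URLs here are hypothetical.
const declined = {
  class: ["payment", "error"],
  properties: { code: "payment.auth.failed" },
  actions: [{
    name: "try-another-card",
    method: "POST",
    href: "https://api.example.com/orders/42/payment",
    type: "application/json",
    fields: [{ name: "cardNumber", type: "text" }, { name: "expiry", type: "text" }]
  }],
  links: [{ rel: ["up"], href: "https://api.example.com/orders/42" }]
};

// UI text stays in the client, keyed by the machine-readable code.
const MESSAGES = {
  "payment.auth.failed": "Your credit card was declined. Please use a different card"
};

// Turn an error-state document into what the UI needs: a message plus the
// recovery requests the server offers. Actions whose href is not on the
// expected API origin are dropped, so card data only goes to that origin.
function recoveryOptions(doc, apiOrigin) {
  const code = doc.properties && doc.properties.code;
  const actions = (doc.actions || []).filter(a => {
    try { return new URL(a.href).origin === apiOrigin; } catch { return false; }
  });
  return {
    message: MESSAGES[code] || "The request could not be completed.",
    actions: actions.map(a => {
      const type = a.type || "application/x-www-form-urlencoded"; // Siren default
      const names = (a.fields || []).map(f => f.name);
      return {
        name: a.name,
        required: names,
        // Build the follow-up request from the document, not hard-coded URLs.
        buildRequest: input => {
          const data = Object.fromEntries(names.map(n => [n, input[n]]));
          const body = type === "application/json"
            ? JSON.stringify(data) : new URLSearchParams(data).toString();
          return { method: a.method || "GET", url: a.href, headers: { "Content-Type": type }, body };
        }
      };
    })
  };
}
```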