I'm new to REST - so apologies if any of this sounds dumb.
Say I have a "item representation" - for simplicity there are two items A and B - item A has a link to item B - but in some circumstances I want to make B forbidden AND I want to let the user know why item B is forbidden.
So call to Item A ...
/api/item/ITM-A
then try to follow the link to ...
/api/item/ITM-B (which is forbidden)
So a couple of options (bearing in mind I want to say why the representation was forbidden) ...
1. Return ITM-B with 403 and a message describing the issue
2. Return ITM-A with the 403 and a message describing the issue
Is returning ITM-B with data breaking some rule? It's supposed to be forbidden, but I'm returning 'something' to say why it's forbidden. I think I prefer it, but is it best to return A - which maybe suggests more that B is inaccessible? But then the 403 on ITM-A doesn't make sense, as 403 is accessible.
Like I said at the start, apologies if this is dumb question, but some more experienced opinion would be very welcome. :)