AnsweredAssumed Answered

Improving REST API, bad error behaivior

Question asked by damokles on Jan 23, 2012
Hi,

when calling the login method the server replies with json on success but if the credentials do not match it replies with HTTP 500 Internal Server Error and some HTML text. From an API perspective this is bad since I can't really distinguish if I call the service incorrectly or if the login data is just wrong. I would suggest to use the HTML errors only when the API is used incorrectly (e.g. bad/missing parameters) but for every error that is the result of normal API usage the errors should be in json format, so that the client can consume them directly without some HTML parsing voodoo.

My suggestion is:
Login Successful (as is)

{
  "success": true
}

Login Failed
{
  "success": false,
  "error": {
    "code": 1337,
    "reason": "Username and password does not match."
  }
}

As for the /task/{userId} it also throws an 500 error when an userId is not found. Wouldn't a 404 make more sense here?
The /group/{groupId} returns a 204 instead of an 404 when a groupId is not found.

And the error for not providing HTTP Basic Auth credentials should be changed from 403 to 401.

For reference: HTTP Status Codes

Any comments on this matter are welcome.

Outcomes