what status code to throw when there is a concurrency error?

Asked 8/1, 2019 at 12:43 Answered 24/1, 2022 at 11:48

I have a rest that receives among other things, a date and with it, makes a reservation. The problem occurs when 2 people "at the same time" try to book on the same day, at the same time.

Obviously, the first one who makes the request, will be able to book the appointment, so I will return a status of 200. On the other hand, the one that arrives later, will make the same request, but the server will throw an error because it can not reserve the Same appointment (already reserved). In this case, what http state code should be thrown?

A family code of 500 would not seem right, because the exception that is thrown, is caused by the very logic of the business.

On the other hand, a state code of the family of 400 would not seem right either because the request is well formulated

Thanks!

Dempstor answered 8/1, 2019 at 12:43 Comment(4)

409 - Conflict? – Alecalecia 8/1, 2019 at 12:51

A 409 error is probably what you're looking for. For you reference - en.wikipedia.org/wiki/List_of_HTTP_status_codes – Langbehn 8/1, 2019 at 12:53

@MAT if you're going to refer to a list of error codes, why not use the actual canonical list? iana.org/assignments/http-status-codes/http-status-codes.xhtml – Alexandros 8/1, 2019 at 14:46

Nice one @EricStein, will refer to the canonical list you suggested going forward. – Langbehn 8/1, 2019 at 15:16

I was researching this myself and jonrsharpe's suggestion of 409 Conflict is most appropriate.

https://www.rfc-editor.org/rfc/rfc7231#section-6.5.8:

The 409 (Conflict) status code indicates that the request could not be completed due to a conflict with the current state of the target resource. This code is used in situations where the user might be able to resolve the conflict and resubmit the request. The server SHOULD generate a payload that includes enough information for a user to recognize the source of the conflict.

Conflicts are most likely to occur in response to a PUT request. For example, if versioning were being used and the representation being PUT included changes to a resource that conflict with those made by an earlier (third-party) request, the origin server might use a 409 response to indicate that it can't complete the request. In this case, the response representation would likely contain information useful for merging the differences based on the revision history.

Lashawna answered 8/5, 2020 at 17:30 Comment(0)

The appropriate error code depends on the implementation and where the concurrency error is detected.

If you use Http If-Match header the Http specification requires a 412 precondition failed (error because of header information), while 409 is used if the entity would cause a conflict.

In a race condition two requests could pass the If-Match check and only the database or the domain layer detects the conflict. In that case I would return a 409, because the precondition was valid.

If you wouldn't use If-Match and ETags, but use a version id in the body then you need to use 409. Be aware that DELETE should not have a body.

The "Zalando RESTful API and Event Guidelines" has a great comparison of various options for optimistic locking

Wini answered 24/1, 2022 at 11:48 Comment(0)

Recommended topics

Hot tags