What's an appropriate HTTP status code to return by a REST API service for an expired entity?
Let's say we have an online shop and receive a valid request to update some order.

The request is valid by itself, but let's say that the order has an expiration time, and it has already expired, so this request is unprocessable in fact.

I am not sure whether it is a kind of validation error or not. Because, as I stated above, the request itself is valid, and a request sender might not know that the order has already expired.

What's an appropriate HTTP status code to return by a REST API service for such a situation?

Warning: Due to the general requirements for the product, it should be one of the 4XX error codes!

UPD: More information: this putative "order" still exists, even when expired. It is possible to retrieve it, but it is not possible to operate on it anymore. That's why the code 404 (for example) is not appropriate.

Lustre answered 29/3, 2018 at 12:12 Comment(11)
API precondition: the order should be valid, i.e. not expired. I don't think the API should return an HTTP status code; instead the API should return a custom error message. - Gayn
Depends on the resource being targeted. Is your request towards an existing shopping cart, identified by a URI segment? Does that shopping cart disappear when the order expires? Your question does not contain enough constraints to be adequately answered. You also can't shoehorn every application error into HTTP status codes; consider using a response body with a meaningful response and a generic 404/400 instead. - Instrumentalism
@Instrumentalism 404 is certainly incorrect, as the resource exists and can be retrieved. It simply expired. - Lustre
A 410 is a 404 on steroids. If 404 doesn't apply, then 410 definitely also doesn't. See also Do web applications use HTTP as a transport layer, or do they count as an integral part of the HTTP server?. - Instrumentalism
@Instrumentalism great, so please suggest your solution - Lustre
I did in my previous comment: you need to provide more information to get a definitive answer. - Instrumentalism
@Instrumentalism I have updated my question. Please bear in mind that this is an imaginary example. Certainly I am dealing with an absolutely different product and entities. I have just tried to find a simple similar example. - Lustre
#3290682? - Instrumentalism
@Instrumentalism As I underlined twice in my question, it is not about validation. Nor about duplicates. I don't see any correlation between the described case and the question which you have linked. - Lustre
Don't stop reading at the title. The duplication is not the point, the validation is. A user is trying to operate on a resource that exists (hence no 404 nor 410), but which may not be modified, or at least not modified according to the current request. Therefore: 409 conflict or 422 unprocessable entity. Really, there are so few HTTP status codes that for each scenario plenty of discussions were already had. Edit your question to include your research and reasoning why certain status codes do or don't apply. - Instrumentalism
@Instrumentalism too much effort to list all the codes, seriously. But you are right in the sense of the code 410. I have started thinking about the code 400. - Lustre
L
9

My own version:

I think that for such a situation the 410 status code is most appropriate:

The 410 response is primarily intended to assist the task of web maintenance by notifying the recipient that the resource is intentionally unavailable and that the server owners desire that remote links to that resource be removed. Such an event is common for limited-time, promotional services and for resources belonging to individuals no longer associated with the origin server's site. It is not necessary to mark all permanently unavailable resources as "gone" or to keep the mark for any length of time -- that is left to the discretion of the server owner.

https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html:

The requested resource is no longer available at the server and no forwarding address is known. This condition is expected to be considered permanent. Clients with link editing capabilities SHOULD delete references to the Request-URI after user approval. If the server does not know, or has no facility to determine, whether or not the condition is permanent, the status code 404 (Not Found) SHOULD be used instead. This response is cacheable unless indicated otherwise

Lustre answered 29/3, 2018 at 12:17 Comment(1)
Not sure why you still keep the outdated 2616 information in your answer and only half of the semantic explanation of 410 from the current RFC, where the most interesting part is kept in the second paragraph IMO - Jeroldjeroma
M
3

Use 410 Gone.

The target resource is no longer available at the origin server and that this condition is likely to be permanent.

Majordomo answered 29/3, 2018 at 12:18 Comment(2)
That's exactly what I have proposed ;-) - Lustre
Yes, only seconds apart. - Majordomo
T
3

I'll say that 400 fits better than 410.

IMO 410 (Gone) doesn't fit because the resource is not gone. It's still there, simply in kind of a final (in this case expired) state.

400 means BadRequest. Per my interpretation, trying to UPDATE something that is not updatable (trying to update an expired item) is a BadRequest.

I believe that 400 is not only for badly formatted requests, but also for requests that do not meet internal business logic validation (in this case, not updating an expired item is internal business logic).

Touchhole answered 15/4, 2020 at 7:28 Comment(0)
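
An added example, not part of the answer above or of any post on this page: a framework-free handler that keeps an expired order readable (200 on GET), refuses updates to it with a 4XX, and uses a machine-readable error code in the body so a client can tell a malformed request from a business-rule refusal. The order schema, the `ORDERS` data, the error code names and the `handle` signature are all assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample data: one live and one expired order (hypothetical schema).
ORDERS = {
    "o-1": {"qty": 1, "expires_at": datetime(2030, 1, 1, tzinfo=timezone.utc)},
    "o-2": {"qty": 2, "expires_at": datetime(2018, 1, 1, tzinfo=timezone.utc)},
}

# The answer above argues for 400; comments on the question propose 409 or 422.
# Keeping the value in one constant makes that choice a one-line change.
EXPIRED_UPDATE_STATUS = 400


def error(status, code, detail):
    """Build a (status, body) pair carrying a machine-readable error code."""
    return status, {"error": code, "detail": detail}


def handle(method, order_id, raw_body=None, now=None):
    """Return (http_status, json_body) for GET/PUT on /orders/<order_id>."""
    now = now or datetime.now(timezone.utc)
    order = ORDERS.get(order_id)
    if order is None:
        return error(404, "order_not_found", "no such order")
    expired = now >= order["expires_at"]
    if method == "GET":
        # An expired order still exists and stays readable.
        return 200, {"id": order_id, "qty": order["qty"], "expired": expired}
    if method != "PUT":
        return error(405, "method_not_allowed", "use GET or PUT")
    try:
        qty = json.loads(raw_body or "")["qty"]
        if not isinstance(qty, int) or isinstance(qty, bool) or qty < 1:
            raise ValueError("qty must be a positive integer")
    except (ValueError, KeyError, TypeError) as exc:
        # Structurally bad input: the client has to fix the request itself.
        return error(400, "malformed_request", str(exc))
    if expired:
        # Well-formed request refused by a business rule: resending cannot succeed.
        return error(EXPIRED_UPDATE_STATUS, "order_expired",
                     "order expired at " + order["expires_at"].isoformat())
    order["qty"] = qty
    return 200, {"id": order_id, "qty": qty, "expired": False}
```
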
O
1

I would choose one of these:

400 - Bad request
410 - Gone

From: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes

Ordination answered 29/3, 2018 at 12:19 Comment(3)
Which? And why? - Majordomo
410: Indicates that the resource requested is no longer available and will not be available again. This should be used when a resource has been intentionally removed and the resource should be purged. Upon receiving a 410 status code, the client should not request the resource in the future. Clients such as search engines should remove the resource from their indices.[41] Most use cases do not require clients and search engines to purge the resource, and a "404 Not Found" may be used instead. - Ordination
The above comment makes sense to me. - Transcontinental
