What is the HTTP status code for License limit reached
I

3

37

I want to know what the ideal HTTP status code is for an API to return when a user's license limit has been reached.

Initially I was thinking it's 402 (Payment Required), but this is not my scenario. My case is if my user has a limit to add 10 plugins, if she tries to add the 11th plugin they should get an error that their limit has been reached.

Please help me with the appropriate HTTP status code for this.

Thanks in advance

Idle answered 30/8, 2016 at 7:30 Comment(3)
403 - Forbidden could be the match as you forbid user to make more requests. - Cutlor
I am not an expert, but I personally think you should just use the same HTTP code 403 for all similar scenarios and use JSON/XML output to specify the exact reasons. - Brockman
Just curious to know which status code you chose. - Consalve
C
47

There's no HTTP status code for quota exceeded; however, there are a few HTTP status codes that would be suitable for this situation provided you add a good description in the response payload.

If the quota of requests has been exceeded, but more requests could be performed upon a payment, you could consider the 402 status code (even though the documentation says it's reserved for future use, its reason phrase is pretty clear and defines well its purpose):

6.5.2. 402 Payment Required

The 402 (Payment Required) status code is reserved for future use.

You could use 403 to indicate the request is forbidden when the quota of requests has been exceeded. A good description in the request payload is always welcome:

6.5.3. 403 Forbidden

The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any). [..]

If you are applying restrictions on the number of requests per hour/day, the 429 status code may be suitable for your needs (however this status code is used by a server to indicate that too many requests have been received in a short amount of time, that is, the client is throttling):

4. 429 Too Many Requests

The 429 status code indicates that the user has sent too many requests in a given amount of time ("rate limiting").

The response representations SHOULD include details explaining the condition, and MAY include a Retry-After header indicating how long to wait before making a new request.

For example:

HTTP/1.1 429 Too Many Requests
Content-Type: text/html
Retry-After: 3600

<html>
   <head>
      <title>Too Many Requests</title>
   </head>
   <body>
      <h1>Too Many Requests</h1>
      <p>I only allow 50 requests per hour to this Web site per
         logged in user.  Try again soon.</p>
   </body>
</html>

Note that this specification does not define how the origin server identifies the user, nor how it counts requests. For example, an origin server that is limiting request rates can do so based upon counts of requests on a per-resource basis, across the entire server, or even among a set of servers. Likewise, it might identify the user by its authentication credentials, or a stateful cookie.

Responses with the 429 status code MUST NOT be stored by a cache.

The HTTP status codes are extensible. If the above-mentioned status codes do not fit your needs, you could create your own status. Since it's a client error, the new status code should be in the 4xx range.

Consalve answered 7/2, 2017 at 15:18 Comment(2)
This is correct and also in line with this chart. - Canasta
I can't see the chart on the article. Can we get an updated source? - Darice
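As an added illustration of the answer above (not code from the post), this Python example separates the two cases it describes: a license quota answered with 403 plus a reason in the response payload, and hourly throttling answered with 429 plus Retry-After. The function name, error codes and JSON field names are assumptions; the limits of 10 plugins and 50 requests per hour come from the question and the quoted 429 sample.

```python
import json
import math

PLUGIN_LIMIT = 10        # license quota from the question
RATE_LIMIT = 50          # requests per window, as in the quoted 429 sample
WINDOW_SECONDS = 3600


def _error(status, code, detail, extra_headers=None):
    # Error responses also ask caches not to store them.
    headers = {"Content-Type": "application/json", "Cache-Control": "no-store"}
    headers.update(extra_headers or {})
    return status, headers, json.dumps({"error": code, "detail": detail})


def add_plugin_response(plugin_count, request_times, now):
    """Return (status, headers, body) for an 'add plugin' request.

    plugin_count  -- plugins the account already has
    request_times -- timestamps (seconds) of the account's counted requests
    now           -- current time in seconds
    """
    recent = sorted(t for t in request_times if now - t < WINDOW_SECONDS)
    if len(recent) >= RATE_LIMIT:
        # Throttling is temporary: say when a slot in the window frees up.
        frees_at = recent[len(recent) - RATE_LIMIT] + WINDOW_SECONDS
        return _error(429, "rate_limited",
                      f"Only {RATE_LIMIT} requests per hour are allowed.",
                      {"Retry-After": str(math.ceil(frees_at - now))})
    if plugin_count >= PLUGIN_LIMIT:
        # Quota is not time-based: retrying will not help, so no Retry-After;
        # the payload tells the client why the request was refused.
        return _error(403, "plugin_limit_reached",
                      f"Your license allows {PLUGIN_LIMIT} plugins.")
    body = json.dumps({"plugins": plugin_count + 1})
    return 201, {"Content-Type": "application/json"}, body


if __name__ == "__main__":
    # Constructed sample input: an account that already has 10 plugins.
    print(add_plugin_response(10, [], now=2000))
```
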
S
11

422 Unprocessable Entity should work in this case. The request itself is well formed syntactically. The problem is in the current conditions, because the user reached the limit. The error response should be helpful about how to solve this status quo. https://httpstatuses.com/422

My second bet is 409 Conflict but it is tied to versioning and colliding changes. https://httpstatuses.com/409

Sst answered 7/2, 2017 at 14:7 Comment(0)
S
6

I think that is a "Business logic error", and 422 Unprocessable Entity can be better.

The HyperText Transfer Protocol (HTTP) 422 Unprocessable Entity response status code indicates that the server understands the content type of the request entity, and the syntax of the request entity is correct, but it was unable to process the contained instructions.

See documentation

Socialminded answered 19/5, 2020 at 14:24 Comment(0)
