REST HTTP status codes for failed validation or invalid duplicate

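I am building an application with a REST-based API and have reached the point where I am specifying status codes for each request.

What status code should I send for requests that fail validation, or where a request is trying to add a duplicate to the database?

I've looked through http://www.w3.org/protocols/rfc2616/rfc2616-sec10.html but none of them seems right.

Is there a common practice when sending status codes?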


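For input validation failure: 400 Bad Request + your optional description. This is suggested in the book "RESTful Web Services".
For double submit: 409 Conflict.

Update June 2014

The relevant specification used to be RFC2616, which gave 400 (Bad Request) a very narrow scope of use, as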

The request could not be understood by the server due to malformed syntax

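So it might have been argued that it was inappropriate for semantic errors. But not any more; since June 2014 the relevant standard RFC7231, which supersedes the previous RFC2616, broadens the use of 400 (Bad Request) to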

the server cannot or will not process the request due to something that is perceived to be a client error


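  • Failed validation: 403 Forbidden ("The server understood the request, but is refusing to fulfill it"). Contrary to popular opinion, RFC2616 doesn't say "403 is only intended for failed authentication", but "403: I know what you want, but I won't do that". That condition may or may not be due to authentication.
  • Trying to add a duplicate: 409 Conflict ("The request could not be completed due to a conflict with the current state of the resource.")

You should give a more detailed explanation in the response headers and/or body (e.g. with a custom header - X-Status-Reason: Validation failed).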


I recommend status code 422, "Unprocessable Entity".

11.2. 422 Unprocessable Entity

The 422 (Unprocessable Entity) status code means the server understands the content type of the request entity (hence a 415(Unsupported Media Type) status code is inappropriate), and the syntax of the request entity is correct (thus a 400 (Bad Request) status code is inappropriate) but was unable to process the contained instructions. For example, this error condition may occur if an XML request body contains well-formed (i.e., syntactically correct), but semantically erroneous, XML instructions.


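200, 300, 400, 500 are all very generic. If you want generic, 400 is fine.

422 is used by an increasing number of APIs, and is even used by Rails out of the box.

No matter which status code you pick for your API, someone will disagree. But I prefer 422 because I think '400 + text status' is too generic. Also, you aren't taking advantage of a JSON-ready parser; in contrast, a 422 with a JSON response is very explicit, and a great deal of error information can be conveyed.

Speaking of JSON responses, I tend to standardize on the Rails error response for this case, which is: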

{
   "errors" :
    {
       "arg1" : ["error msg 1","error msg 2", ...],
       "arg2" : ["error msg 1","error msg 2", ...]
    }
}

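This format is perfect for form validation, which I consider the most complex case to support in terms of "richness of error reporting". If your error structure looks like this, it will likely handle all your error reporting needs.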


A duplicate in the database should be a 409 CONFLICT.

For validation errors, I recommend using 422 UNPROCESSABLE ENTITY.

I give a longer explanation of 4xx codes here: http://parker0phil.com/2014/10/16/rest_http_4xx_status_codes_syntax_and_semantics/
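
The split several answers above arrive at (400 for a body that cannot be parsed, 422 with a Rails-style "errors" object for validation failures, 409 for a duplicate), as an added example that is not taken from any of the posts. The `/users` route, the field names, the length limit and the in-memory `store` are assumptions made for illustration.

```python
import json
import re

# Deliberately loose shape check; assumption: real address validation happens elsewhere.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def validate(data):
    """Collect every field error, Rails-style: {field: [msg, ...]}."""
    errors = {}
    name = data.get("name")
    if not isinstance(name, str) or not name.strip():
        errors.setdefault("name", []).append("can't be blank")
    elif len(name) > 50:
        errors.setdefault("name", []).append("is too long (maximum is 50 characters)")
    email = data.get("email")
    if not isinstance(email, str) or not EMAIL_RE.fullmatch(email):
        errors.setdefault("email", []).append("is invalid")
    return errors

def create_user(store, raw_body):
    """Handle POST /users (hypothetical route); store maps email -> id.

    Returns (status, headers, body) so the mapping is testable without a server.
    """
    try:
        data = json.loads(raw_body)
    except (ValueError, TypeError):
        # Malformed syntax: the body cannot be parsed at all.
        return 400, {}, {"errors": {"base": ["body is not valid JSON"]}}
    if not isinstance(data, dict):
        # Well-formed JSON, wrong shape: a semantic problem.
        return 422, {}, {"errors": {"base": ["must be a JSON object"]}}
    errors = validate(data)
    if errors:
        return 422, {}, {"errors": errors}
    key = data["email"].lower()
    if key in store:
        # Valid request that conflicts with the current state of the resource.
        return 409, {}, {"errors": {"email": ["has already been taken"]}}
    store[key] = len(store) + 1
    return 201, {"Location": f"/users/{store[key]}"}, {"id": store[key]}

if __name__ == "__main__":
    users = {}  # constructed sample state
    for body in ('{"name": "Ann", "email": "ann@example.com"}',   # 201
                 '{"name": "Ann", "email": "ann@example.com"}',   # 409
                 '{"name": "", "email": "nope"}',                 # 422
                 '{"name": '):                                    # 400
        print(create_user(users, body))
```

The error messages are fixed strings keyed by field name, so the response never reflects raw request input back to the client.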


200

Ugh... (309, 400, 403, 409, 415, 422)... A lot of answers trying to guess, argue and standardize what is the best return code for a successful HTTP request but a failed REST call.

It is wrong to mix HTTP status codes and REST status codes.

However, I have seen many implementations mixing them, and many developers may not agree with me.

HTTP return codes are related to the HTTP request itself. A REST call is done using a Hypertext Transfer Protocol request, and it works at a lower level than the invoked REST method itself. REST is a concept/approach, and its output is a business/logical result, while the HTTP result code is a transport one.

For example, returning "404 Not Found" when you call /users/ is confusing, because it may mean:

  • URI is wrong (HTTP)
  • No users are found (REST)

"403 Forbidden/Access Denied" may mean:

  • Special permission needed. Browsers can handle it by asking for the user/password. (HTTP)
  • Wrong access permissions configured on the server. (HTTP)
  • You need to be authenticated (REST)

And the list may continue with "500 Server Error" (an Apache/Nginx HTTP thrown error or a business constraint error in REST) or other HTTP errors etc.

From the code, it is hard to understand what the failure reason was: an HTTP (transport) failure or a REST (logical) failure.

If the HTTP request was physically performed successfully, it should always return a 200 code, regardless of whether the record(s) are found or not. Because the URI resource is found and was handled by the HTTP server. Yes, it can return an empty set. It is possible to receive an empty web page with 200 as the HTTP result, right?

Instead of this you may return a 200 HTTP code with some options:

  • "error" object in the JSON result if something goes wrong
  • Empty JSON array/object if no record is found
  • A bool result/success flag in combination with the previous options for better handling.

Also, some Internet providers may intercept your requests and return you a 404 HTTP code. This does not mean that your data are not found, but that something is wrong at the transport level.

From Wiki:

Why not simply answer like this?

Google always returns 200 as the status code in their Geocoding API, even if the request logically fails: https://developers.google.com/maps/documentation/geograping/intro/

Facebook always returns 200 for successful HTTP requests, even if the REST request fails: https://developers.facebook.com/docs/graph-api/using-graph-api/mistake-handling

It's simple: HTTP status codes are for HTTP requests. The REST API is yours; define your own status codes.


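Ember Data's ActiveRecord adapter expects 422 UNPROCESSABLE ENTITY to be returned from the server. So, if that is your client, you should use 422. Only then will DS.Errors be populated with the returned errors. You can of course change 422 to any other code in your adapter.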


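Status code 304 Not Modified would also make an acceptable response to a duplicate request. This is similar to processing an If-None-Match header using an entity tag.

In my opinion, @piskvor's answer is the more obvious choice for what I perceive to be the intent of the original question, but I have an alternative that is equally relevant.

If you want to treat a duplicate request as a warning or notification rather than as an error, a response status code of 304 Not Modified and a Content-Location header identifying the existing resource would be just as valid. When the intent is merely to ensure that a resource exists, a duplicate request would not be an error but a confirmation. The request is not wrong, just redundant, and the client can refer to the existing resource.

In other words, the request is good, but since the resource already exists, the server does not need to perform any further processing.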