What's an appropriate HTTP status code to return by a REST API service for a validation failure?


Question

I'm currently returning 401 Unauthorized whenever I encounter a validation failure in my Django/Piston based REST API application. Having had a look at the HTTP Status Code Registry I'm not convinced that this is an appropriate code for a validation failure, what do y'all recommend?

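  • 400 Bad Request
  • 401 Unauthorized
  • 403 Forbidden
  • 405 Method Not Allowed
  • 406 Not Acceptable
  • 412 Precondition Failed
  • 417 Expectation Failed
  • 422 Unprocessable Entity
  • 424 Failed Dependency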

Update: "Validation failure" above means an application level data validation failure, i.e., incorrectly specified datetime, bogus email address etc.

Recommended answer

If "validation failure" means that there is some client error in the request, then use HTTP 400 (Bad Request). For instance if the URI is supposed to have an ISO-8601 date and you find that it's in the wrong format or refers to February 31st, then you would return an HTTP 400. Ditto if you expect well-formed XML in an entity body and it fails to parse.

(1/2016): Over the last five years WebDAV's more specific HTTP 422 (Unprocessable Entity) has become a very reasonable alternative to HTTP 400. See for instance its use in JSON API. But do note that HTTP 422 has not made it into HTTP 1.1, RFC-7231.

Richardson and Ruby's RESTful Web Services contains a very helpful appendix on when to use the various HTTP response codes. They say:

400 ("Bad Request")
Importance: High.
This is the generic client-side error status, used when no other 4xx error code is appropriate. It’s commonly used when the client submits a representation along with a PUT or POST request, and the representation is in the right format, but it doesn’t make any sense. (p. 381)

And:

401 ("Unauthorized")
Importance: High.
The client tried to operate on a protected resource without providing the proper authentication credentials. It may have provided the wrong credentials, or none at all. The credentials may be a username and password, an API key, or an authentication token—whatever the service in question is expecting. It’s common for a client to make a request for a URI and accept a 401 just so it knows what kind of credentials to send and in what format. [...]
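
The distinction drawn in the answer above, as an added example that is not part of the original question or answer: 401 is reserved for missing or wrong credentials, 400 for a body that does not parse, and 422 (or 400, if the API avoids WebDAV codes) for well-formed data that fails validation. The names handle, _field_errors and VALID_TOKENS, the field names start and email, and the token value are hypothetical and constructed for the example.

```python
import json
from datetime import date

# Hypothetical token store, constructed for this example only.
VALID_TOKENS = {"constructed-demo-token"}

def _field_errors(doc):
    """Return {field: message} for application-level validation failures."""
    errors = {}
    try:
        date.fromisoformat(str(doc.get("start", "")))  # rejects e.g. 2011-02-31
    except ValueError:
        errors["start"] = "not a valid ISO-8601 calendar date"
    local, at, domain = str(doc.get("email", "")).partition("@")
    if not (local and at and "." in domain):
        errors["email"] = "not a plausible email address"
    return errors

def handle(headers, body, semantic_status=422):
    """Return (status, response_headers, response_body) for one request."""
    # 401 is only about credentials; HTTP requires it to carry a
    # WWW-Authenticate challenge so the client knows what to send.
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer ") or auth[7:] not in VALID_TOKENS:
        return (401, {"WWW-Authenticate": 'Bearer realm="api"'},
                {"error": "authentication required"})
    # The entity body does not parse at all: 400.
    try:
        doc = json.loads(body)
    except ValueError:
        return 400, {}, {"error": "body is not well-formed JSON"}
    if not isinstance(doc, dict):
        return 400, {}, {"error": "expected a JSON object"}
    # Well-formed but fails data validation: 422, or 400 when
    # semantic_status=400 is passed.
    errors = _field_errors(doc)
    if errors:
        return semantic_status, {}, {"errors": errors}
    return 200, {}, {"ok": True}
```

Returning 401 for a bad date or email would tell an authenticated client that its credentials were rejected; here the credential check and the data checks never share a status code.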
