对不存在的资源进行 GET 的 REST 标准 [英] REST standard for GET on a resource that doesn't exist
问题描述
资源/user/12345 不存在.假设消费者正在随机尝试不同的 id.没有授权.任何用户都可以查看任何用户.从更广泛的意义上讲,我的问题是如果对不存在的资源执行 GET 操作,您应该返回什么?"
The resource /user/12345 doesn't exist. Lets say the consumer is trying different ids randomly. There is no authorization. Any user can view any user. In a broader sense, my question is "What should you return if you do a GET on a resource that doesn't exist?"
我应该为不存在的 id 返回一个空用户,还是应该返回带有正确状态代码的错误消息?
Should I return an empty user for an id that doesn't exist or should I return an error message with proper status code?
典型/通常/推荐的做法是什么?
What is the typical/usual/recommended practice?
推荐答案
这有点取决于您的安全问题.如果猜测者发现该用户 ID 不存在,我会发送 404,或者发送 401 以尝试对/user 下的任何资源进行未经身份验证的访问
It depends on your security concerns a little bit. I would either send a 404 if it is OK that the guesser finds out if that user id does not exist, or send 401 for all attempts on unauthenticated accesses to any resource under /user
这篇关于对不存在的资源进行 GET 的 REST 标准的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
