REST service not returning proper HTTP Code on throwing java.lang.Exception from service method

Hi, I have a REST web service.
The service method throws java.lang.Exception, but the client always receives HTTP code 200, which is success.
Shouldn't the REST service return a code other than 200?

Probably yes. 200 OK would imply that the request would have succeeded. It sounds like this was not a success so it should have been something else.

If your code is throwing an Exception, it's supposed to be broken and not delivering whatever your request wanted. That indeed should not return a "200 OK" response.
Here are a few things to do:
- Don't throw java.lang.Exception. Try to be more specific about the exceptions in your code so it's easier to identify the problem when something crashes.
- Determine WHAT is happening that is throwing that exception.
- In most cases, send a 400 Bad Request when something is wrong and the client is at fault for that. If it's a server-side problem, it's usually a 500 Internal Server Error response. Do a little research on HTTP codes here.
- Make sure to document any rules that need to be followed so this problem doesn't occur in the future.
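
The mapping the answer above describes, as an added example that is not code from the original posts. It assumes Java 17 and only the JDK; `ErrorBoundary`, `InvalidRequestException` and `HttpResult` are hypothetical names standing in for whatever your REST framework provides.

```java
import java.util.UUID;
import java.util.concurrent.Callable;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Added example: turn service exceptions into HTTP statuses at one boundary. */
public class ErrorBoundary {
    private static final Logger LOG = Logger.getLogger(ErrorBoundary.class.getName());

    /** Hypothetical exception type for input the client can correct (400). */
    static class InvalidRequestException extends RuntimeException {
        InvalidRequestException(String message) { super(message); }
    }

    /** Minimal stand-in for a framework response: status code plus body. */
    record HttpResult(int status, String body) {}

    /** Runs a service method and maps its outcome to a status code. */
    static HttpResult call(Callable<String> serviceMethod) {
        try {
            return new HttpResult(200, serviceMethod.call());
        } catch (InvalidRequestException e) {
            // Client is at fault: 400, with a message written for the caller.
            return new HttpResult(400, e.getMessage());
        } catch (Exception e) {
            // Server is at fault: 500. The stack trace goes to the log under a
            // reference id; the body carries only that id, not e.getMessage().
            String id = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "unhandled error, reference " + id, e);
            return new HttpResult(500, "Internal error, reference " + id);
        }
    }

    public static void main(String[] args) {
        // Constructed service methods: success, bad input, backend failure.
        System.out.println(call(() -> "order created"));
        System.out.println(call(() -> {
            throw new InvalidRequestException("quantity must be positive");
        }));
        System.out.println(call(() -> {
            throw new java.sql.SQLException("connection to db.internal.example refused");
        }));
    }
}
```

Keeping the 500 body down to a reference id means internal host names, SQL text and stack frames stay in the server log, while support can still correlate a client report with the logged exception.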

Related

Service response is a 502 Bad Gateway error with generic "Server Error" HTML block?

I wrote a Node service that takes parameters from a client and puts them into a SOAP request to another (3rd party) service. Lately, when a request is made to my service, the initial response is a 502 Bad Gateway error with a generic HTML block titled "Server Error" (see image). When I submit the same request a second time, the 3rd party responds with a 500 Internal Server error and a message indicating that a request has already been issued for that transaction.
Obviously the initial request made it to the 3rd party somehow, but they say that the 502 error isn't theirs and isn't logged in their system as ever having occurred.
What I'm trying to find out is if the error is somehow coming from my service because of Docker or Azure (or something else I'm not thinking of). The error is so generic that research hasn't yielded anything useful on it. Has anyone encountered this or know what it is?
It turns out that this was an error being thrown by Azure (or so we think) as the result of some faulty error-handling. Part of the response was being parsed incorrectly, which caused the app to stall. It still doesn't explain how the data still got to the other side while this was happening (or why it hit the catch block at all when there was no error in the processing), but if you see a server error returned with this HTML block, check your error-handling code and investigate Azure!

How to mock HTTP Error response with Charles?

Is it possible to intercept the request going through Charles and immediately return 500 error code without sending this request to the server?
Can't find any information on this. All resources suggest to wait for the response and then change HTTP response code to 500.
I assume you have already tried adding a rewrite rule to make the request return with the 500 status. Have you tried combining this with a Map Local to an empty file on your disk, for instance? It may work.
If this doesn't work either, I think I would do a Map Remote to another path on my localhost (for instance: http://localhost:8081/exected-response-500) and make that URL return the 500 status error (in my case I would use a basic Spring Boot app to achieve this).

RESTful status code for a request that cannot be satisfied because of a dependency issue

My payment endpoint which accepts a POST should deny requests when the user does not have any payment methods configured. What is the correct HTTP status code in this case?
What is the correct HTTP status code to be raised when the system itself cannot reach the state asked for by the request and another request (creating a payment method) must be completed first?
I looked at 428 Precondition Required, but that seems to have more to do with the headers than the state of the system.
I would go simply with 400 Bad Request. If you need more specific instructions or hints in the response, you can return a body, which will indicate the exact nature of the error.
You don't need to assign a specific HTTP error code to all your internal business-related error cases. Indeed this is probably not possible anyway.
The specification on 400: https://www.rfc-editor.org/rfc/rfc7231#section-6.5.1
Relevant quotes from there:
"indicates that the server cannot or will not process the request due to something that is perceived to be a client error"
And about the 4xx codes in general:
"the server SHOULD send a representation containing an explanation of the error situation, and whether it is a temporary or permanent condition"
Did you look into error 424 Failed_Dependency? I think this could be the one you want.
See http://www.restpatterns.org/HTTP_Status_Codes/424_-_Failed_Dependency

What error message to return in a REST API with HTTP status code 405?

If at all any error message should be returned with status code 405, what should it say? I suspect we should not return any, but just to make sure are there any best practices for this?
Given that 405 means Method not allowed, it's pretty obvious to anyone familiar with HTTP or other RESTful APIs what it means.
However, not all of your customers writing software with your APIs might have that prior experience, so it might be worth returning a message in the response that says something like, "This resource does not support the HTTP method PUT."
You might also want to include a hint in the returned message to tell the user to call OPTIONS to find out which methods are supported, assuming you implement it as such.

Best way to return error messages on REST services?

I've been looking at examples of REST APIs like Netflix http://developer.netflix.com/docs/REST_API_Reference#0_59705 and Twitter and they seem to place error messages in the statusText header response instead of the responseText. We're developing an internal RESTful API and I am arguing for sending custom statusText messages and ignoring the responseText.
For the scope of our app, we're returning error 400 when the user has tried doing something they aren't supposed to, and the only error messages that will be updated in the UI for the user will be delivered with 400. I am of the belief that the message should be sent as a modified statusText but one of the engineers (who knows a bit less about REST than me) is arguing for sending it in the responseText.
What's the best way to go?
HTTP defines that you should put a descriptive error message in the response entity body, aka responseText.
statusText is not rendered or processed by any client.
I'd use the status text for the error message type, aka 400 Client Error, and the body for a description of the problem that can be rendered to the user, in whatever the format the client may be able to process.
Edit: Note that since then, a new standardised format exists to communicate in a standard fashion error details back to the client, which you can find at https://www.rfc-editor.org/rfc/rfc7807 and which I would recommend.
I think you're right, the general approach is to use the existing error mechanism built into HTTP.
In general, try to map your errors to existing HTTP errors; for example, if they request something they don't have permission to, return a 403 error.
If they request something that doesn't exist, return a 404.
Alex
According to the HTTP specification (rfc2616): "HTTP status codes are extensible"
However, I don't think that creating new statuses for every different error message is the correct approach:
I would say choose the HTTP status appropriately (HTTP Status Code Definitions); if you can't find any category which matches your requirement, create a custom one (but I'm sure you will), and put error messages in the HTTP response body.
Picking an appropriate status code for your responses is extremely important, as it is a key enabler of self-descriptive messages.
The entity body should be a representation of the resource's state and ideally contain hyperlinks to available next states in your application.
HTTP status codes are pretty self-explanatory and should be used as such. Returning 200 OK with validation errors is pretty SOAP-y and misleading. In any REST client implementation, 4xx and 5xx errors go into an error block, and it really depends on a case-by-case basis if you really want to use the response body for non-2xx responses.
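
The 405 message suggested in the earlier thread, carried in the RFC 7807 body format recommended above, as an added example that is not code from the original posts. It assumes Java 17 and only the JDK; `ProblemDetails`, `jsonEscape`, `problemJson` and `methodNotAllowed` are hypothetical names, and the `Status` and `Body` map keys are an illustration device, not real headers.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added example: a 405 response with an Allow header and an RFC 7807 body. */
public class ProblemDetails {

    /** Escapes a value for use inside a JSON string literal. */
    static String jsonEscape(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '"' -> out.append("\\\"");
                case '\\' -> out.append("\\\\");
                default -> {
                    if (c < 0x20) out.append(String.format("\\u%04x", (int) c));
                    else out.append(c);
                }
            }
        }
        return out.toString();
    }

    /** Serializes the RFC 7807 members type, title, status and detail. */
    static String problemJson(String type, String title, int status, String detail) {
        return "{\"type\":\"" + jsonEscape(type) + "\",\"title\":\"" + jsonEscape(title)
                + "\",\"status\":" + status + ",\"detail\":\"" + jsonEscape(detail) + "\"}";
    }

    /** Builds the response for a method the resource does not support. */
    static Map<String, String> methodNotAllowed(String method, List<String> allowed) {
        Map<String, String> response = new LinkedHashMap<>();
        response.put("Status", "405 Method Not Allowed");
        // RFC 7231 requires an Allow header listing supported methods on a 405.
        response.put("Allow", String.join(", ", allowed));
        response.put("Content-Type", "application/problem+json");
        // The method name comes from the request, so it is escaped before
        // being placed in the body.
        response.put("Body", problemJson("about:blank", "Method Not Allowed", 405,
                "This resource does not support the HTTP method " + method + "."));
        return response;
    }

    public static void main(String[] args) {
        // Constructed request: PUT against a resource that supports GET and POST.
        methodNotAllowed("PUT", List.of("GET", "POST"))
                .forEach((name, value) -> System.out.println(name + ": " + value));
    }
}
```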