Hi there, If a DELETE request on a resource fails because constraints prevent the resource from being deleted, what should the correct HTTP response code be? There appears to be a lot of contention about this on the web, but I''m unable to find a ''definitive guide'' for the sort of REST API I''m developing. Perhaps someone could point me in the right direction? I''m currently of the opinion that 403 Forbidden is the best option, although 405 Method Not Allowed sounds equally appropriate, or perhaps even 409 Conflict. Advice appreciated. Thanks Olly --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Rick Olson
2008-Mar-17 19:17 UTC
Re: HTTP response code when DELETE request is not permitted
On Mon, Mar 17, 2008 at 10:08 AM, Olly Lylo <olly-2iX6Wuy7WY21Qrn1Bg8BZw@public.gmane.org> wrote:> > Hi there, > > If a DELETE request on a resource fails because constraints prevent > the resource from being deleted, what should the correct HTTP response > code be? > > There appears to be a lot of contention about this on the web, but I''m > unable to find a ''definitive guide'' for the sort of REST API I''m > developing. Perhaps someone could point me in the right direction? > > I''m currently of the opinion that 403 Forbidden is the best option, > although 405 Method Not Allowed sounds equally appropriate, or perhaps > even 409 Conflict.I believe 403 is an authentication header, as in ''your login failed''. 405 means the DELETE method itself isn''t allowed. ActiveResource uses 409 for locking conflicts, and 422 for validation errors. According to rfc 2616, it sounds like 409 would be your best bet: The request could not be completed due to a conflict with the current state of the resource. This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request. http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html That sounds better than 422, unprocessable entity: The request was well-formed but was unable to be followed due to semantic errors. http://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_Client_Error There are many ways to interpret that though. I think the key is to document it well and stick to it. -- Rick Olson http://lighthouseapp.com http://weblog.techno-weenie.net http://mephistoblog.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Olly Lylo
2008-Mar-18 12:40 UTC
Re: HTTP response code when DELETE request is not permitted
I agree -- 409 it is. Thanks Rick. On Mar 17, 7:17 pm, "Rick Olson" <technowee...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> On Mon, Mar 17, 2008 at 10:08 AM, Olly Lylo <o...-2iX6Wuy7WY21Qrn1Bg8BZw@public.gmane.org> wrote: > > > Hi there, > > > If a DELETE request on a resource fails because constraints prevent > > the resource from being deleted, what should the correct HTTP response > > code be? > > > There appears to be a lot of contention about this on the web, but I''m > > unable to find a ''definitive guide'' for the sort of REST API I''m > > developing. Perhaps someone could point me in the right direction? > > > I''m currently of the opinion that 403 Forbidden is the best option, > > although 405 Method Not Allowed sounds equally appropriate, or perhaps > > even 409 Conflict. > > I believe 403 is an authentication header, as in ''your login failed''. > 405 means the DELETE method itself isn''t allowed. ActiveResource uses > 409 for locking conflicts, and 422 for validation errors. > > According to rfc 2616, it sounds like 409 would be your best bet: > > The request could not be completed due to a conflict with the current > state of the resource. This code is only allowed in situations where > it is expected that the user might be able to resolve the conflict and > resubmit the request. > > http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html > > That sounds better than 422, unprocessable entity: > > The request was well-formed but was unable to be followed due to > semantic errors. > > http://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_Client_Error > > There are many ways to interpret that though. I think the key is to > document it well and stick to it. > > -- > Rick Olsonhttp://lighthouseapp.comhttp://weblog.techno-weenie.nethttp://mephistoblog.com--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---