No Code API automation – API Monkey

When should your API not always return 200?

The API server can return a variety of status codes. The most common responses range from 200 to 401, with minor variances in between. If the call is successful, the API returns 200, indicating that the endpoint exists and that some internal validation was performed. The API must not return 200 status codes when there is unauthorized access, restricted access, or when the service is unavailable.

If the access is unauthorized, the API returns 401; if the access is forbidden and the answer includes information on access refused, the API returns 403; and if the API cannot do anything until the user login is validated and authorized, the API returns 503 (service unavailable).

Specifying status codes such as 400, 404, and 300 is part of RESTful design, but it is not specific to REST. Long before RESTful APIs, the use of 302 (redirect), 401 (Basic and Digest authentication), 404 (default not-found page in a web server), and 500 (default server error page) was common.

The status code 200 (OK) should not be used to signal faults in the response body. Use HTTP response status codes as directed by the guidelines in this section at all times. A REST API, in particular, should not be compromised in order to accommodate less capable HTTP clients. We have seen scenarios where the developer searches for records based on a URL parameter and, when nothing is found, sends the message “No data Found” but still returns 200.

This should not be the case. In this case you should return 204 (No Content).
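
Anything that keys on the status line, such as access logs or alerting on 401/403 rates, cannot see a failure that is reported as 200. The following added example (not code from the original page; the record store, tokens and function names are constructed for illustration) contrasts an always-200 handler with one that follows the guidance above, plus a contract-test check that flags a 200 carrying an error body.

```python
from http import HTTPStatus

# Constructed sample data: record store and token -> permissions map.
RECORDS = {"42": {"id": "42", "name": "widget"}}
TOKENS = {"tok-reader": {"read"}, "tok-guest": set()}

def lookup_always_200(token, record_id):
    """The pattern described above: every outcome is reported as 200."""
    if token not in TOKENS:
        return 200, {"error": "Unauthorized"}
    if "read" not in TOKENS[token]:
        return 200, {"error": "Forbidden"}
    record = RECORDS.get(record_id)
    if record is None:
        return 200, {"message": "No data Found"}
    return 200, record

def lookup(token, record_id, backend_up=True):
    """The same lookup with the status codes the article calls for."""
    if not backend_up:
        return HTTPStatus.SERVICE_UNAVAILABLE, {"error": "service unavailable"}
    if token not in TOKENS:
        return HTTPStatus.UNAUTHORIZED, {"error": "authentication required"}
    if "read" not in TOKENS[token]:
        return HTTPStatus.FORBIDDEN, {"error": "access refused"}
    record = RECORDS.get(record_id)
    if record is None:
        return HTTPStatus.NO_CONTENT, None  # a 204 response has no body
    return HTTPStatus.OK, record

def masked_failure(status, body):
    """Contract-test check: True when a 200 carries an error-looking body."""
    if int(status) != 200 or not isinstance(body, dict):
        return False
    text = str(body.get("message", "")).lower()
    return "error" in body or "no data" in text or "not found" in text

if __name__ == "__main__":
    for token, rid in [("bad", "42"), ("tok-guest", "42"),
                       ("tok-reader", "99"), ("tok-reader", "42")]:
        old, new = lookup_always_200(token, rid), lookup(token, rid)
        print(token, rid, "always-200 masked:", masked_failure(*old),
              "| corrected status:", int(new[0]))
```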

Status Class

100 – 199: These are informational status codes that typically indicate to the client that the header portion of the request has been received and that the server will attempt to fulfill the client’s transmission request. For example, you could use an alternative protocol, or inform the client that their request will fail before sending the body.

200 – 299: These are the success codes. They inform the client that their request has been granted. Asynchronous request processing (202), on the other hand, does not imply that the request was successfully processed; rather, it means that it satisfied all validation requirements at the time of sending.

300 – 399: These are the redirection codes. They inform the client that the requested resource is no longer available at the expected location. This could be for a variety of reasons, including temporary or permanent relocation, but the client must submit a request to the new location.

400 – 499: These are the error codes for clients. They’re all about incorrect requests submitted to a server by a client. There are various reasons for this, including timeouts, incorrect URIs, and insufficient authentication. If a client sends invalid data, the request should be retried after double-checking the input parameters.

500 – 599: These are the server error codes. They frequently signal issues with overburdened servers or unavailable servers behind proxies, but they can also be directly related to client requests that cause server error exceptions. Temporary or permanent errors can occur. Retrying the same request is usually the best option for the client.

Your API may return the following status codes when your API request is not successful.

  • 400 – Bad Request
  • 401 – Unauthorized
  • 402 – Payment Required
  • 403 – Forbidden
  • 404 – Not Found
  • 405 – Method Not Allowed
  • 406 – Not Acceptable
  • 407 – Proxy Authentication Required
  • 408 – Request Timeout
  • 409 – Conflict
  • 410 – Gone
  • 411 – Length Required
  • 412 – Precondition Failed
  • 413 – Payload Too Large
  • 414 – URI Too Long
  • 415 – Unsupported Media Type
  • 416 – Range Not Satisfiable
  • 417 – Expectation Failed
  • 418 – I’m a teapot
  • 421 – Misdirected Request
  • 422 – Unprocessable Entity
  • 423 – Locked
  • 424 – Failed Dependency
  • 426 – Upgrade Required
  • 428 – Precondition Required
  • 429 – Too Many Requests
  • 431 – Request Header Fields Too Large
  • 451 – Unavailable For Legal Reasons
  • 500 – Internal Server Error
  • 501 – Not Implemented
  • 502 – Bad Gateway
  • 503 – Service Unavailable
  • 504 – Gateway Timeout
  • 505 – HTTP Version Not Supported
  • 506 – Variant Also Negotiates
  • 507 – Insufficient Storage
  • 508 – Loop Detected
  • 510 – Not Extended
  • 511 – Network Authentication Required
