the beauty of rest is that you piggy back off the error codes of the http protocol, e.g. 403 forbidden, 404 page not found, 500 internal server error. of course you could always add text in the response providing more detail, but i argue that this is not very helpful in all cases, what can you as the api consumer do if the server is barfing back something cryptic (503)? the use case i can think of is for an errant parameter in the request, i'm a firm believer of the client app doing field validation, of course that doesn't absolve the server from having to also do it. but instead of providing a 500 (internal server error), i think there could be something more meaningful like a 400 (bad request) followed by some response parameter with more detailed information like "your address field contains a float".
the example given for authentication is a poor choice, there are security reasons why you would want to be vague, returning the fact that the password is mistyped only tells the consumer of the api that this user exists, please hack me.
the one thing i hate about rest is how to document the endpoints and the various http statuses that could be returned, if someone could generate a script that could help me here (for python) that would be appreciated.
the beauty of rest is that you piggy back off the error codes of the http protocol, e.g. 403 forbidden, 404 page not found, 500 internal server error. of course you could always add text in the response providing more detail, but i argue that this is not very helpful in all cases, what can you as the api consumer do if the server is barfing back something cryptic (503)? the use case i can think of is for an errant parameter in the request, i'm a firm believer of the client app doing field validation, of course that doesn't absolve the server from having to also do it. but instead of providing a 500 (internal server error), i think there could be something more meaningful like a 400 (bad request) followed by some response parameter with more detailed information like "your address field contains a float".
the example given for authentication is a poor choice, there are security reasons why you would want to be vague, returning the fact that the password is mistyped only tells the consumer of the api that this user exists, please hack me.
the one thing i hate about rest is how to document the endpoints and the various http statuses that could be returned, if someone could generate a script that could help me here (for python) that would be appreciated.