Valamburi M

Reputation: 702

REST API HTTP status code for unconfirmed email but successful login

I have a use case here: a user registers on a website and gets an account activation link through email. The user tries to log in without activating his account.

What would be the HTTP status code for the login request when both the username and password are correct, but he has not yet activated his account from the activation link sent through email?

HTTP Status Code: XXX

HTTP Response

{ "message": "your email address has not been confirmed yet", "description": "Please confirm your account from the activation link sent through email" }

Upvotes: 4

Views: 2484

Answers (1)

Pratham

Reputation: 547

I believe 401 Unauthorized is the better choice here over 403 Forbidden, because 403 is used to depict that the client is authenticated but is trying to access a resource which is not permitted to them.

It could be any endpoint.

However, in this case, the confirmation of email is still pending, which is related to authentication. Hence, sending 401 Unauthorized would make more sense to me here.

Although it's debatable. We can consider this situation middleware in both things. I guess 401 and 403 are both fine.

Upvotes: 1
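
An added sketch, not part of the question or the answer above: a framework-free login check that returns the question's "not confirmed" body only after the password has verified, so the response cannot be used to probe which addresses are registered or pending. The status for that case is a parameter covering both codes discussed in the answer; the `login` function, the sample accounts and the `Bearer` challenge value are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this demo


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str, confirmed: bool) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "confirmed": confirmed}


# Constructed sample accounts (hypothetical data, not from the page).
USERS = {
    "active@example.com": make_user("correct horse", confirmed=True),
    "pending@example.com": make_user("battery staple", confirmed=False),
}
_DUMMY = make_user("placeholder", confirmed=False)  # keeps work similar for unknown emails

CHALLENGE = {"WWW-Authenticate": 'Bearer realm="api"'}  # assumed auth scheme


def login(email: str, password: str, unconfirmed_status: int = 401):
    """Return (status, headers, body) for a login attempt."""
    user = USERS.get(email)
    record = user or _DUMMY
    candidate = hash_password(password, record["salt"])
    password_ok = hmac.compare_digest(candidate, record["hash"])
    if user is None or not password_ok:
        # Identical answer for an unknown email, a wrong password, and a wrong
        # password on a pending account: account state is never revealed here.
        return 401, dict(CHALLENGE), {"message": "invalid credentials"}
    if not user["confirmed"]:
        # RFC 9110 requires a WWW-Authenticate challenge on every 401 response;
        # a 403 carries none.
        headers = dict(CHALLENGE) if unconfirmed_status == 401 else {}
        body = {
            "message": "your email address has not been confirmed yet",
            "description": "Please confirm your account from the activation link sent through email",
        }
        return unconfirmed_status, headers, body
    return 200, {}, {"message": "login successful"}
```

Whichever code is chosen, a client should branch on the body's `message` rather than the status alone, since a plain bad-credentials 401 and an unconfirmed-account 401 share the same status.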
