Reputation: 1206
HTTP Status 404 or 400 if no such API endpoint exists?
- Status code
400 Bad Requestis used when the client has sent a request that cannot be processed due to being malformed. - Status code
404 Not Foundis used when the requested resource does not exist / cannot be found.
My question is, when a client sends a request to an endpoint my API does not serve, which of these status codes is more appropriate?
Should an endpoint be considered a "resource", and thus a 404 be returned? My issue with this is that if the client only checks the status code, they cannot tell the difference between a 404 indicating that they got to the correct endpoint, but there was no result matching their query, versus a 404 indicating that they queried a non-existing endpoint.
Alternatively, should we expect that a client has prior knowledge of all available API endpoints, and thus treat their request as malformed and return a 400 if the endpoint they are trying to reach does not exist?
Maybe this depends on whether the endpoints are REST or not. If they are REST endpoints, the client should not need prior API knowledge, but be able to learn about all relevant API endpoints by navigating the API from a single root endpoint. In such a case, I guess 404 would be more appropriate.
In my specific case right now, this is an internal (non-REST) HTTP API, where I expect the client to have prior knowledge of all API endpoints, so I am leaning towards 400, to avoid issues where 404 from accessing the wrong endpoint could be misconstrued as a 404 indicating that what they sought from the correct endpoint could not be found.
Thoughts?
Upvotes: 3
Views: 7721
Answers (1)
Reputation: 13672
As a convenience, many modern APIs provide human-readable endpoints for developer convenience. The intent of REST, however, is that URLs are treated as opaque - they may happen to contain semantic content, but can't be relied upon to do so. There's no such thing as a "malformed" URL. There's only a URL that points to something and a URL that doesn't.
Now, that's the REST dogma (and arguably also the HTTP 1.1 spec). That doesn't mean it's what you should do. If you have a single internal client for your API, and that's not going to change, you have a lot of flexibility in designing your own standards. Just make sure to document them, especially those that might confuse the guy straight out of college that they hire to replace you when you move on.
Upvotes: 3
Related Questions
- REST 404 vs 400. Which one to use?
- Is it correct to return 404 when a REST resource is not found?
- HTTP Status Codes - 404/NotFound vs 204/NoContent vs 200/Ok
- What is the appropriate HTTP status code for a null or missing object attribute?
- HTTP 200 or 404 for empty list?
- When route was not implemented on server, should it return 404 or 501?
- HTTP Status-code for empty response and response not found
- What response status code should I return?
- Correct HTTP status code for possible absent entity: 200 or 204 or 404
- Suitable HTTP Status Code