Should I throw a 400 or 500 service error for business logic fail?

Question

I'm working on a music media library that allows users to share music in their library but only if they marked as shareable.

In the backend I'm checking if the music file is shareable like so

if(file.shareable) share
else throw 500 or 400?

To me this is a 400 bad request because the the user is trying to do something that the business does not allow.

Is this the corret way?

Answer 1

You should use 4xx codes for any client error that prevents the server from returning a useful response. This includes requests that violates business rules. The point is to indicate to the client that the request is invalid, and potentially include steps the client can take to fix the situation.

Use 5xx codes if the server encounters an internal problem that prevents it from doing its work. Maybe the database or a necessary external service is down, or there's a programming error somewhere. Maybe the server is just too busy right now. Not much the client can do to fix that other than try again later.

Basically:

4xx: Your fault.

5xx: My fault.

Answer 2

4xx indicates a bad request -- i.e. "don't try re-requesting". 5xx indicates that the server had a problem, i.e. "give us a minute, and try again later."

So if it's business logic, that would be a 400 level error, i.e. don't re-request.