Greg Roberts

Reputation: 2562

What HTTP Status Code would represent Authenticated but requires acceptance of terms

I'm designing a RESTful API and systems using the API do work on behalf of a user.

We use a standard OAuth exchange to verify that user, but upon verification we may find that the user must accept an updated user agreement before any other methods can be allowed. Think of the iPhone and how they change their agreements and require users to accept.

What status code would best represent this situation? Should they be given a 401 with additional information? A redirect? A custom code in the 400 range?

Obviously I don't want the API consumer to think he has a valid token, but they need to know that specific actions should be taken.

Has anyone handled something like this?

Upvotes: 4

Views: 122

Answers (1)

Jon Nylander

Reputation: 8963

403 Forbidden

With additional information about the reason, of course. This will show that you have understood the request, and you can state your reasons for refusing to comply.

Upvotes: 6
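The distinction the question and answer are circling (401 when the client has no valid token, 403 when the token is valid but the server still refuses until the user accepts the current agreement) is shown below as an added example; it is not code from the question, the answer, or any particular API. The token store, the agreement version number, the `terms_not_accepted` error body and the `/v1/terms/accept` path are all constructed for the example. The `WWW-Authenticate` challenge on the 401 branch follows the bearer-token convention from RFC 6750, which the thread does not mention.

```python
"""Added example (not from the question or answer): a minimal authorization
gate for a REST endpoint that separates

- 401 Unauthorized: no valid bearer token, so the client must authenticate, from
- 403 Forbidden: valid token, but the user has not accepted the current user
  agreement, so the server understood the request and refuses until they do.

Token store, agreement version and response bodies are constructed here; they
are not a real OAuth provider or any specific API's wire format.
"""
import json

CURRENT_TERMS_VERSION = 3  # constructed: agreement version every user must accept

# constructed token store: bearer token -> user record
TOKENS = {
    "tok-alice": {"user": "alice", "accepted_terms_version": 3},
    "tok-bob":   {"user": "bob",   "accepted_terms_version": 1},
}


def parse_bearer(headers):
    """Return the token from an 'Authorization: Bearer <token>' header, or None."""
    value = headers.get("Authorization", "")
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    return token.strip()


def authorize(headers):
    """Return (status, response_headers, body) for the auth + terms gate.

    Refusals carry a small JSON body so the API consumer can act on the reason
    programmatically instead of parsing human-readable text.
    """
    token = parse_bearer(headers)
    user = TOKENS.get(token) if token else None
    if user is None:
        # Not authenticated: 401 plus a WWW-Authenticate challenge (RFC 6750 style).
        return (401,
                {"WWW-Authenticate": 'Bearer realm="api", error="invalid_token"'},
                json.dumps({"error": "invalid_token"}))
    if user["accepted_terms_version"] < CURRENT_TERMS_VERSION:
        # Authenticated but not yet permitted: 403 with the reason and the next step.
        return (403,
                {"Content-Type": "application/json"},
                json.dumps({
                    "error": "terms_not_accepted",
                    "required_terms_version": CURRENT_TERMS_VERSION,
                    "accepted_terms_version": user["accepted_terms_version"],
                    "accept_url": "/v1/terms/accept",  # constructed endpoint
                }))
    return (200, {"Content-Type": "application/json"},
            json.dumps({"user": user["user"]}))


def handle_get_profile(headers):
    """Example protected endpoint: the handler body only runs when the gate passes."""
    status, resp_headers, body = authorize(headers)
    if status != 200:
        return status, resp_headers, body
    user = TOKENS[parse_bearer(headers)]
    return 200, resp_headers, json.dumps({"profile": {"name": user["user"]}})


if __name__ == "__main__":
    for hdrs in ({}, {"Authorization": "Bearer tok-bob"}, {"Authorization": "Bearer tok-alice"}):
        print(handle_get_profile(hdrs))
```

Keeping the gate in one function means every endpoint refuses the same way: a consumer that sees 403 with `terms_not_accepted` knows its token is fine and that it should send the user to the acceptance step, while a 401 tells it to obtain a new token instead.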
