I understand two plausible answers: 200 or 409. Why?
Today, the HTTP protocol provides for five response groups:
- Group 1xx: informative answers;
- Group 2xx: successful responses;
- Group 3xx: redirect responses;
- Group 4xx: customer error answers;
- Group 5xx: server error replies;
Depending on the application, we may have personalized answers, but I will not address them in the answer.
The situation we find ourselves in is: a user will delete an address.
The group 1 We’ve ruled it out without having to think long. We will not give any provisional informative response to the customer; so no response 100, 101 or 102.
The group 2 It already seems to us a little interesting and I even put as a possible answer. Here will depend on application design questions, as the returns of the 2xx group represent responses to requests which were successfully received, understood by the server and accepted. Depending on the design specifications of your application, the server does not allow the client to delete an address means that it has successfully received the request, understood what it should do and accepted the request (client has permission to do so)but the non-exclusion of the address could be signalled through the body of the response.
HTTP/1.1 200 OK
...
{
"error": "Você possui apenas um endereço e não pode excluí-lo"
}
Thus, it would be enough for the client to receive the answer and treat the body of the same to verify the success of the operation. Other answers from the same group I don’t think would fit as possible answers
The group 3 we can also eliminate effortlessly as we will not make any kind of customer redirect.
The group 4 also looks promising, but let’s look at each case.
400 Bad Request: is not valid. The client request will be in the expected format that will be understood by the server, so returning error 400 would be confusing. Just imagine the situation: client is deleting the X address and returns 400; if he registers the Y address and re-deletes X, he will succeed. How could the same request generate 400 and 200?
401 Unauthorized: As stated in the question, the customer is authorized to delete the address and falls into the same situation as the previous one. If there is a second address and you make the same request, you will be successful. Confusing!
402 Payment Required: Yeah, nothing to do with our situation.
403 Forbidden: this response indicates that there is present accreditation data in the request, but that the server judged to be insufficient to allow the client to access such resource; so much so that part of the specification of this answer says that the client should not repeat the request with the same authentication data, otherwise he will receive the same response. We are not working with authentication problems here.
404 Not Found: found, so forget this.
405 Method Not Allowed: method is allowed yes, are forgetting that too.
406 Not Acceptable: response related to content negotiation, which also has no relation to the case.
407 Proxy Authentication Required: yeah, nothing to do with.
408 Request Timeout: Hm, no.
409 Conflict: um, conflict is always legal. get your popcorn. Joking aside, let’s see what the description of this answer: the request cannot be completed due to conflicts with the current status of the resource; the client must resolve the conflicts and forward the request; the body of the response must contain sufficient information for the client to identify conflicts. Trivial! Just answer with 409 and put in the body of the reply that the user must register another address to delete the current one; if you do, he can repeat the same request and get success.
410 Gone: Let it go?
411 Length Required: Nah, nothing to do with it.
412 Precondition Failed: name has potential, but is related to condition headers, not current resource status conditions; so no!
413 Request Entity Too Large: I guess not, right?
414 Request-URI Too Long: Man, how did you get on this?
415 Unsupported Media Type: what media type? I just want to delete the address, young man.
416 Requested Range Not Satisfiable: but I don’t even define the range...
417 Expectation Failed: sorry it doesn’t meet your expectations... but it also has to do with the header of the request, not with the expectation of the user.
And finally, group 5. Well, server is healthy, right? We hope so, so no 5xx error for today.
More information on RFC 7231, Chapter 6.
I believe that 409 conflict, take a look at this other post on https://stackoverflow.com/questions/25122472/rest-http-status-code-if-delete-impossible
– Hebert Lima
Good Hebert, I ended up following this path, thanks for the return. Best wishes.
– Gonzaga Neto