What status can I return in an attempt to submit a form without a TOKEN?


I'd like to know what HTTP status I must return from my application if someone is trying to forge a request via a form.

The application I developed is built in Laravel 4 and I'm using its CSRF_TOKEN.

The CSRF_TOKEN serves to prevent Cross-Site Request Forgery attacks.

Would it be correct to use one of the statuses such as 400 - Bad Request, 503 - internal server error, or 403 - unauthorized access if there is a forged request attempt? Or should I simply not return any HTTP status or error at all?

1 answer



Based on the list of HTTP status codes and their descriptions, I recommend:

400 - Invalid request (Bad Request)

400 Invalid request (Bad Request): the request cannot be served due to incorrect syntax.

Given that the request is missing a parameter, the TOKEN, this message is the one that best describes the error that occurred during the request.

Why not 403 Forbidden (unauthorized access)?

403 Forbidden (unauthorized access)
The request was a legal request, but the server is refusing to respond to it. Unlike a 401 Unauthorized, authentication will make no difference.

In this case it is not a matter of denied access to a request or directory but of a missing parameter in the request, so lack of privileges does not best portray the failure in the request.

Why not 503 - internal server error?

503 Service Unavailable
The server is under maintenance or cannot handle the request due to system overload. This should be a temporary condition.

As your server does not in fact present any error, this is not the best response to an improper access attempt on a request.

  • Friend, I put 414 by mistake; the intention was to put 400. I wonder if I could edit the last item?

  • Okay, I'll edit the answer.

  • In that case 400 becomes a good option as well, since the lack of a parameter (token) generates an error in the request, so the user will know that he has missed something in the request, and this becomes better than 403.
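A route filter that does what the answer recommends, as an added example that is neither the asker's application code nor Laravel's own source; it assumes Laravel 4's `Route::filter`, `Session::token()`, `Input::get()` and `Response::make()` facades, a filter named `csrf` in app/filters.php, and a hypothetical `ProfileController@update` action to attach it to:

```php
<?php
// app/filters.php (added example). Laravel 4's stock 'csrf' filter throws
// TokenMismatchException; this version answers a missing or wrong _token
// with the 400 Bad Request the accepted answer recommends, instead of 403/503.
Route::filter('csrf', function()
{
    $expected = Session::token();
    $given    = Input::get('_token');

    // No token at all: the request is malformed, so 400 Bad Request.
    if ($given === null || $given === '') {
        return Response::make('Bad Request: missing _token', 400);
    }

    // Wrong token: still a malformed request from the server's point of view.
    if (!tokensMatch($expected, $given)) {
        return Response::make('Bad Request: invalid _token', 400);
    }
    // Returning nothing lets the request continue to the route's action.
});

// Hypothetical helper: compare the tokens without stopping at the first
// differing byte (hash_equals() does the same on PHP 5.6 and later).
function tokensMatch($expected, $given)
{
    if (strlen($expected) !== strlen($given)) {
        return false;
    }
    $diff = 0;
    for ($i = 0; $i < strlen($expected); $i++) {
        $diff |= ord($expected[$i]) ^ ord($given[$i]);
    }
    return $diff === 0;
}

// Attach the filter only to state-changing routes; GET routes do not need it.
Route::post('profile', array('before' => 'csrf', 'uses' => 'ProfileController@update'));
```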
