9

Assume my server exposes resources which have a state (Not approved, Approved, Auto-approved). If a resource is in state Not approved it should not be accessible to clients, i.e. clients are allowed to know about the existence of the resource (they do anyway) but should be denied access until the resource is in the correct state.

The HTTP status code should express something along the lines: "Yes, the resource you are trying to access exists, but you will have to wait until it's approved by someone. Please try again later."

What HTTP status code should be returned in this case? Returning 404 (Not found) doesn't seem right, because the resource does in fact exist. Status code 412 (Precondition failed) sounds about right, but the RFC talks a lot about HTTP headers...

The 412 (Precondition Failed) status code indicates that one or more conditions given in the request header fields evaluated to false when tested on the server. This response code allows the client to place preconditions on the current resource state (its current representations and metadata) and, thus, prevent the request method from being applied if the target resource is in an unexpected state.

2
  • 3
    Please be more specific about the meaning of "should not be accessible to clients". Should clients be allowed to know that the resource exists? Commented May 23, 2016 at 8:23
  • 2
    @DisplayName, thanks. I updated the question. Commented May 23, 2016 at 8:30

1 Answer

6

The conditions mentioned in the description refer to HTTP headers like If-Match, If-Modified-Since, If-None-Match, If-Range or If-Unmodified-Since, so the use of 412 would not be appropriate in your case.

I think it's up to your interpretation whether Not approved resources are simply unavailable (404), restricted to certain users (403) or locked (423).

I'd say in your case 423 (Locked) (until approval) would be the correct response.


2 Comments

It looks like that status code is specific to WebDAV resources; confer the corresponding RFC for WebDAV or the MDN docs for status 423. I wonder how appropriate it is to use the code in a non-WebDAV context.
@ValentinKrasontovitsch you're right, it's definitely not appropriate for this case. The most correct status code here is actually 409
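
To illustrate the answer's point that 412 is tied to client-supplied conditional headers, here is an added example (not code from the question or the answer) of a GET handler that keeps the approval-state check separate from precondition evaluation. The names `Resource`, `handle_get`, `etag_matches` and the default `PENDING_STATUS` of 403 are assumptions made for the sketch; the thread itself proposes 404, 403, 423 and 409 for the pending case.

```python
from dataclasses import dataclass

VISIBLE_STATES = ("Approved", "Auto-approved")  # states named in the question
PENDING_STATUS = 403  # assumption: the thread also proposes 404, 423 and 409

@dataclass
class Resource:
    etag: str   # current entity tag, e.g. '"v1"' (constructed sample format)
    state: str
    body: str

def _opaque(tag):
    # Drop the weak-validator prefix so only the quoted value is compared.
    return tag[2:] if tag.startswith("W/") else tag

def etag_matches(header_value, etag, strong):
    # Simplification: assumes entity tags contain no commas.
    tags = [t.strip() for t in header_value.split(",")]
    if "*" in tags:  # "*" matches any current representation
        return True
    for tag in tags:
        if strong and (tag.startswith("W/") or etag.startswith("W/")):
            continue  # strong comparison never matches a weak tag
        if _opaque(tag) == _opaque(etag):
            return True
    return False

def handle_get(resource, headers):
    """Return (status, body) for a GET; header names are assumed normalised."""
    if resource is None:
        return 404, ""
    # Server-side state gate. The client sent no condition here, so 412 does
    # not apply, and conditional headers are ignored on a non-2xx outcome.
    if resource.state not in VISIBLE_STATES:
        return PENDING_STATUS, "awaiting approval"
    # Client-supplied preconditions: the only source of 412.
    if_match = headers.get("If-Match")
    if if_match is not None and not etag_matches(if_match, resource.etag, True):
        return 412, ""
    if_none_match = headers.get("If-None-Match")
    if if_none_match is not None and etag_matches(if_none_match, resource.etag, False):
        return 304, ""  # for GET, a matching If-None-Match means "not modified"
    return 200, resource.body
```
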
