
Should a REST API return a 4xx response when an invalid query parameter is supplied?

Consider a RESTful API that accepts GET requests to list items:

GET /1.0/items/
>> {"items": [{}, {}, ..., {}]} # All items returned

Now consider that each item has a color field, and I can filter my items:

GET /1.0/items?color=blue
>> {"items": [{}, {}, ..., {}]} # Only blue items returned

If my API receives an invalid query parameter (not an invalid value on a valid query parameter):

GET /1.0/items?notvalid=blue

What should the expected behavior be? Should my API return a 4xx response informing the client that the request was invalid, or should the API perform the listing of the items as if no filter parameter was supplied?

Should my API return a 4xx response informing the client that the request was invalid, or should the API perform the listing of the items as if no filter parameter was supplied?

/1.0/items?notvalid=blue identifies a resource. This identifier can be interpreted as a hierarchical part and a query (see RFC 3986, section 3), but the identifier is the whole thing. A document store, faced with a URI for a resource that doesn't exist, would respond with a 404 error. So that behavior is perfectly acceptable (one might also use the more general 400 error, but that's not common).

An alternative approach, that has merit, is to use a must-ignore policy. Treating the URI as an x-www-form-urlencoded expression of key-value pairs, one can liberally accept the query, ignoring the keys that are not recognized, and providing default values for any keys that are missing.

Taking that approach, this identifier would be treated as though it had been spelled /1.0/items? This gives you some protection against change (clients and servers don't need to have exact agreement to make progress).

Note: in REST - the client would normally be consuming hypermedia representations that guide it through the protocol; thus the client would discover, via forms or uri templates, which parameters were expected as part of the query string. This is really just the same must-ignore semantic, but applied in a different place.

should the API perform the listing of the items as if no filter parameter was supplied?

You might want to explicitly identify the reference you are returning, so that the client can detect the discrepancy; for instance by redirecting the request to the identifier that you are going to return, or by returning a Content-Location header.

According to JSON API documentation:

In most cases, JSON API requires the server to return an error when it encounters an invalid value for a JSON API–defined query parameter. However, for API-specific query parameters (i.e. those not defined by JSON API), a server may choose to ignore an invalid parameter and have the request succeed, rather than respond with an error.

This is the behavior that I usually see on APIs.
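
The two policies discussed in the answers above, side by side, as an added example that is not part of the original posts: a strict mode that rejects unrecognised keys, and a must-ignore mode that drops them and reports the resource actually served in a Content-Location header. The function name list_items, the allow-list, and the sample items are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

ALLOWED = {"color"}      # assumption: the only filter this endpoint documents
REJECT_STATUS = 404      # first answer's choice; it notes 400 is also possible
ITEMS = [                # constructed sample data
    {"id": 1, "color": "blue"},
    {"id": 2, "color": "red"},
    {"id": 3, "color": "blue"},
]

def list_items(uri, policy="ignore"):
    """Return (status, headers, body) for GET `uri` under the chosen policy."""
    parts = urlsplit(uri)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    unknown = sorted({k for k, _ in pairs if k not in ALLOWED})

    if unknown and policy == "strict":
        # Reject the whole request and name the keys that were not recognised.
        return REJECT_STATUS, {}, {"error": "unknown query parameter",
                                   "parameters": unknown}

    # Must-ignore: drop unrecognised keys and filter on what is left.
    kept = [(k, v) for k, v in pairs if k in ALLOWED]
    items = [i for i in ITEMS if all(i.get(k) == v for k, v in kept)]

    headers = {}
    if unknown:
        # Tell the client which resource was actually served, so it can
        # detect that its filter was dropped.
        canonical = parts.path + ("?" + urlencode(kept) if kept else "")
        headers["Content-Location"] = canonical
    return 200, headers, {"items": items}

if __name__ == "__main__":
    for uri in ("/1.0/items?color=blue", "/1.0/items?notvalid=blue"):
        for policy in ("strict", "ignore"):
            print(policy, uri, list_items(uri, policy))
```

Under the must-ignore policy a mistyped filter name returns the full, unfiltered list, so the Content-Location value is the only signal the client gets that its filter was not applied.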
