简体繁体 English

尝试创建超出最大限制的资源时，POST API请求的适当http状态代码应该是什么

[英]what should be the appropriate http status code for POST API request when trying to create resources beyond maximum limit

原文 2019-03-20 12:04:18 1 3 rest/ api/ http

I searched almost 2-3 hours for proper response code for below POST API but i did not get proper answer so I kindly request someone to help me here. 我在POST API下搜索了将近2-3个小时的正确响应代码，但没有得到正确答案，因此，请您在这里帮助我。

We have a POST API which creates resources maximum 10 times. 我们有一个POST API，最多可创建10次资源。 When we call POST API for 11th time, we should get a response with message "User exceeded the limit to create resource" and proper response code. 当我们第11次调用POST API时，我们将收到一条响应，并显示消息“用户超出了创建资源的限制”和正确的响应代码。 Please suggest what should be the proper response code. 请提出正确的响应码。

3 个解决方案

With the level of details provided in your question, I would suggest a status code in the 4xx range, along with a response payload that describes the error in a meaningful way for the client. 根据问题中提供的详细程度，我建议使用4xx范围内的状态代码，以及以对客户有意义的方式描述错误的响应有效负载。

You could consider 403 (Fobidden), expressing that the server understands the request, but refuses to authorize it. 您可以考虑403 （禁止），表示服务器可以理解该请求，但拒绝对其进行授权。 However there might be other status codes more suitable for your situation, depending on what your are trying to achieve: 但是，根据您要实现的目标，可能还有其他状态代码更适合您的情况：

402 (Payment Required): If the quota of requests has been exceeded, but more requests could be performed upon a payment, you could consider the 402 status code (even though the documentation says it's reserved for future use, its reason phrase is pretty clear and defines well its purpose). 402 （需要付款）：如果超出了请求配额，但是可以在付款后执行更多请求，则可以考虑使用402状态代码（即使文档说它已保留供将来使用，其原因也很清楚并明确定义其目的）。
429 (Too Many Requests): If you are applying restrictions on the number of requests per hour/day, the 429 status code may be suitable for your needs. 429 （请求太多）：如果您对每小时/每天的请求数量施加限制，则429状态代码可能适合您的需求。 However this status code is used by a server to indicate that too many requests have been received in a short amount of time, that is, the client is throttling. 但是，服务器使用此状态代码表示在短时间内收到了太多请求，即客户端正在节流。

If these status codes don't seem to match, simply go for 400 , which expresses a bad request. 如果这些状态代码似乎不匹配，则只需输入400 ，表示请求错误。

Status codes indicate the result of the attempt to understand and satisfy the request. 状态代码表示尝试理解并满足请求的结果。

But you have to keep in mind that status codes are sometimes not sufficient to convey enough information about an error to be helpful. 但是您必须记住，状态代码有时不足以传达有关错误的足够信息，以提供帮助。 That's why you are advised to return a payload that describes the error. 因此，建议您返回描述错误的有效负载。 The RFC 7807 defines a standard for that. RFC 7807为此定义了一个标准。

If you create your own status code for that (what you could do , but doesn't mean you should do ), be aware that clients will treat unrecognized status codes as being equivalent to the x00 status code of that class. 如果为此创建了自己的状态代码（ 可以做什么 ，但并不意味着应该这样做 ），请注意，客户端会将无法识别的状态代码视为等同于该类的x00状态代码。 From the RFC RFC 7231 : 从RFC RFC 7231中：

For example, if an unrecognized status code of 471 is received by a client, the client can assume that there was something wrong with its request and treat the response as if it had received a 400 (Bad Request) status code. 例如，如果客户端收到无法识别的状态代码471 ，则客户端可以假定其请求有问题，并将响应视为已接收到400 （错误请求）状态代码。 The response message will usually contain a representation that explains the status. 响应消息通常将包含解释状态的表示。

You should try to use a 4xx status. 您应该尝试使用4xx状态。 Personally, I would use 403 because the user is forbidden to create the object. 就个人而言，我将使用403，因为禁止用户创建对象。

The HTTP 403 Forbidden client error status response code indicates that the server understood the request but refuses to authorize it. HTTP 403禁止的客户端错误状态响应代码指示服务器理解了该请求，但拒绝对其进行授权。 This status is similar to 401, but in this case, re-authenticating will make no difference. 此状态类似于401，但是在这种情况下，重新认证不会有任何区别。 The access is permanently forbidden and tied to the application logic, such as insufficient rights to a resource. 永久禁止访问并将访问与应用程序逻辑绑定在一起，例如对资源的权限不足。 source 资源

And then you can add a message to the request body explaining why the request is not successful. 然后，您可以向请求正文中添加一条消息，解释请求失败的原因。 Some more info about 403 有关403的更多信息

Also, I like to check this page if I need an overview of all status codes: Status Codes 另外，如果需要所有状态代码的概述，我想检查此页面：状态代码

I would suggest 400, Bad Request. 我建议400，错误请求。

403 is more for authorization issues which this is not. 403用于授权问题，而不是。 Provide a clear explanation why you're returning 400 and you're good to go. 提供明确的解释，说明为什么要返还400，而且还不错。

Yes, it's a more generic solution, which is exactly what makes it more appropriate. 是的，这是一个更通用的解决方案，这正是使它更合适的原因。

HTTP status codes have very clear use cases which are understood by everyone. HTTP状态代码具有非常清晰的用例，每个人都可以理解。 It is not advisable to "reuse" one for something else. 建议不要“重用”另一个。