处理请求时出错的 HTTP 代码
[英]HTTP code for an error in processing a request
问题描述
Let's say we have an HTTP request made by the client.
假设我们有客户端发出的 HTTP 请求。 The endpoint exists and is accessible by the client (this rules out 401, 403, 404 and 405).端点存在并且可由客户端访问(这排除了 401、403、404 和 405)。 The request payload is valid (this rules out 400).请求有效负载有效(这排除了 400)。 The server is alive and well, and is able to handle the request and return a response (this rules out 5xx).服务器运行良好,能够处理请求并返回响应(这排除了 5xx)。
The error arises within the processing of the request.错误发生在请求的处理过程中。 Examples of such errors may include:此类错误的示例可能包括:
- Business validation error.业务验证错误。
- Querying for an entity in a database that does not exist.查询数据库中不存在的实体。 Assume that the database lookup is only one part of the request processing pipeline (eg not the client request itself).假设数据库查找只是请求处理管道的一部分(例如不是客户端请求本身)。
- The server that handles the original client request makes an internal HTTP request that fails.处理原始客户端请求的服务器发出失败的内部 HTTP 请求。 In this case, the handling server is alive and well, while the internal HTTP request may return a 5xx.在这种情况下,处理服务器正常运行,而内部 HTTP 请求可能返回 5xx。 Assume that the internal HTTP request is only one part of the request processing pipeline (eg not the client request itself).假设内部 HTTP 请求只是请求处理管道的一部分(例如不是客户端请求本身)。
What is the appropriate HTTP code to assign for these responses?为这些响应分配的适当 HTTP 代码是什么?
I've seen API docs use 402 ( Stripe ) and 422 ( PayPal ), though I haven't come across anything definitive.我已经看到 API 文档使用 402 ( Stripe ) 和 422 ( PayPal ),但我还没有遇到任何明确的问题。
Thoughts from the community welcome!欢迎来自社区的想法! Thanks.谢谢。
3 个解决方案
解决方案1
1 2020-11-03 20:19:50
This may be where the use of custom defined error response codes may come in, As long as you respect the already defined response codes.这可能是使用自定义定义的错误响应代码的地方,只要您尊重已经定义的响应代码。 For example you could define 600 as your response code and in your API Docs specify what these custom codes mean in detail.例如,您可以将 600 定义为您的响应代码,并在您的 API 文档中详细指定这些自定义代码的含义。 For more information of all existing codes I would reference Iana: http://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml有关所有现有代码的更多信息,我会参考 Iana: http : //www.iana.org/assignments/http-status-codes/http-status-codes.xhtml
Now if your goal is to stay within existing http response boundaries I would recommend something along the lines of:现在,如果您的目标是保持在现有的 http 响应范围内,我会推荐以下内容:
- Unprocessable failure: Status 422无法处理的故障:状态 422
- Authorization failure: Status 403授权失败:状态 403
Unable to process could mean many things such as the aforementioned business validation error.无法处理可能意味着很多事情,例如上述业务验证错误。
解决方案2
1 2020-11-03 21:37:57
Business validation error.
This could be 400, 422, 403, 409 depending on what business validation means.这可能是 400、422、403、409,具体取决于业务验证的含义。
Querying for an entity in a database that does not exist.
Sounds like 400, 409 or 422.听起来像 400、409 或 422。
The server that handles the original client request makes an internal HTTP request that fails.
The client doesn't know/care about internal http requests.客户端不知道/关心内部 http 请求。 The point is that it's failed, and it's a bug/system failure so this is a 5xx error.关键是它失败了,这是一个错误/系统故障,所以这是一个 5xx 错误。
The most important thing to remember when choosing a HTTP status code is:选择 HTTP 状态代码时要记住的最重要的事情是:
- Make sure you have the general class correct, so 4xx and 5xx depending on this is a client/server error.确保您的通用类正确,因此 4xx 和 5xx 取决于这是客户端/服务器错误。
- If you need something more specific, ask yourself why .如果你需要更具体的东西,问问自己为什么。 Is your client going to be able to make a better decision if it received a 400 or 409?如果收到 400 或 409,您的客户是否能够做出更好的决定? If not, maybe it's not that important.如果没有,也许这不是那么重要。
I wrote a ton about error codes here , and would suggest you read a bunch of the 4xx entries.我在这里写了很多关于错误代码的内容,并建议您阅读一堆 4xx 条目。
Also a great blog post from one of the authors of the HTTP standards, which goes more into the idea that finding the perfect status code for a case is not that important.也是 HTTP 标准的一位作者的一篇很棒的博客文章,它更多地说明了为案例找到完美的状态代码并不是那么重要的想法。
解决方案3
1 已采纳 2020-11-04 12:01:44
What is the appropriate HTTP code to assign for these responses?
Two important ideas两个重要的想法
First - your API is a facade, designed to make it look your service/business logic/etc is just another HTTP compliant document store (aka the "uniform interface" constraint).首先 - 您的 API 是一个外观,旨在使其看起来您的服务/业务逻辑/等只是另一个符合 HTTP 的文档存储(又名“统一接口”约束)。 For the purposes of designing your responses, the specific nature of your resources and the implementation details are not significant.出于设计响应的目的,资源的特定性质和实施细节并不重要。
Second - the important point of a status code is how that status code will be understood by general purpose components (think browsers, web caches, reverse proxies, spiders...).其次 - 状态代码的重点是通用组件如何理解状态代码(想想浏览器、网络缓存、反向代理、蜘蛛……)。 We're trying to help these components broadly categorize the nature of the response.我们正在尝试帮助这些组件对响应的性质进行广泛的分类。 (This is one reason why there are relatively few codes in the 5xx class; there just isn't much that a general purpose component can do differently if the servers handling of the request fails). (这是 5xx 类中代码相对较少的原因之一;如果服务器处理请求失败,通用组件可以做的不同的事情很少)。
And here's the thing: if the general purpose handling of two status codes isn't significantly different.事情就是这样:如果两个状态代码的通用处理没有显着不同。 403 Forbidden and 409 Conflict have different semantics associated with them, but the differences in the standardized handling of those codes, if any, are pretty subtle. 403 Forbidden和409 Conflict具有与之相关的不同语义,但是这些代码的标准化处理的差异(如果有的话)非常微妙。
You should make an effort to get 4xx vs 5xx right.您应该努力使 4xx 与 5xx 正确。 It's often less important to precisely identify which 4xx code to use.准确识别要使用的 4xx 代码通常不太重要。
Business validation error
Common choices here would be 409 Conflict (your request is not consistent with my copy of the data), or 403 Forbidden (I understood your request, but I'm not going to fulfill it).这里的常见选择是409 Conflict (您的请求与我的数据副本不一致)或403 Forbidden (我理解您的请求,但我不会满足它)。
If the problem is the data within the request itself (ie: somebody submitted the wrong form) you are more likely to see a 422 Unprocessable Entity (yes, I accept application/json, but not this application/json).如果问题是请求本身中的数据(即:有人提交了错误的表单),您更有可能看到422 Unprocessable Entity (是的,我接受 application/json,但不接受这个application/json)。
Querying for an entity in a database that does not exist.
The implementation details don't matter;实现细节无关紧要; can you trace the problem back to the HTTP request?你能把问题追溯到 HTTP 请求吗?
If the problem traces back to the URI (we parse the target uri for some information, and use that information to lookup information in our data store), then 404 Not Found is often a good choice.如果问题追溯到 URI(我们解析目标 URI 以获得一些信息,并使用该信息在我们的数据存储中查找信息),那么404 Not Found通常是一个不错的选择。 If the problem traces back to the body of the request (we expected some option in the form to match an entry in our enumerated list, but it doesn't), then 409 Conflict is reasonable.如果问题追溯到请求的主体(我们期望表单中的某些选项与我们枚举列表中的条目匹配,但事实并非如此),那么409 Conflict是合理的。
If the server's data is flat out issing, then you are probably looking at a 500 Internal Server Error .如果服务器的数据完全稳定,那么您可能正在查看500 Internal Server Error 。
The server that handles the original client request makes an internal HTTP request that fails.
A failure of the server to connect to some other HTTP server is purely an implementation detail, like not being able to connect to a database or a file system.服务器无法连接到某个其他 HTTP 服务器纯粹是一个实现细节,例如无法连接到数据库或文件系统。
Unless that failure is a consequence of information in the request, you are going to end up with the 500 Internal Server Error .除非该失败是由请求中的信息引起的,否则您将以500 Internal Server Error 结束。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.