I'm currently building a REST API using Node.js and came across something that's been bothering me a bit — error handling conventions.
I've noticed that some APIs always return HTTP 200 OK, even in cases where there's clearly an error, and they just include an error message in the JSON response body like this:
```json
{
  "success": false,
  "message": "Invalid input"
}
```
On the other hand, many APIs use proper HTTP status codes, like:
- 400 for bad requests
- 401 for unauthorized
- 403 for forbidden
- 404 for not found
- 500 for internal server errors
My questions:
- Is it considered bad practice to always return 200 OK, even for failures?
- Should I stick to proper HTTP status codes for different error scenarios?
- In Node.js/Express, what’s the recommended approach: `res.status(200).json({ success: false })` or `res.status(400).json({ message: "Bad request" })`?
I really want to follow clean, standard, and developer-friendly practices, so that front-end or client developers consuming the API have clear expectations.
Would love to hear your thoughts, experiences, or any industry standards/patterns you follow.
Thanks in advance!
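The two conventions from the question, side by side, as an added example that is not part of the original post: an Express-style error handler that uses the status codes listed above and keeps internal error details out of 500 responses, plus what a status-based client check sees under each convention. `AppError`, `toResponse`, `errorHandler` and `clientSeesFailure` are hypothetical names, and the sample inputs are constructed.

```javascript
'use strict';

// Hypothetical error type: carries the HTTP status the client should see.
class AppError extends Error {
  constructor(status, message) {
    super(message);
    this.status = status;
  }
}

// Status codes from the list in the post, each with a generic public message.
const PUBLIC_MESSAGES = new Map([
  [400, 'Bad request'],
  [401, 'Unauthorized'],
  [403, 'Forbidden'],
  [404, 'Not found'],
  [500, 'Internal server error'],
]);

// Map any thrown value to { status, body }. Only 4xx AppError messages reach
// the client; everything else collapses to a generic 500 so stack traces and
// internal details are not exposed in the response.
function toResponse(err) {
  const known = err instanceof AppError && PUBLIC_MESSAGES.has(err.status);
  const status = known ? err.status : 500;
  const message = status < 500 && err.message ? err.message : PUBLIC_MESSAGES.get(status);
  return { status, body: { success: false, message } };
}

// Express-style error middleware (four arguments: err, req, res, next),
// registered last with app.use(errorHandler).
function errorHandler(err, req, res, next) {
  const { status, body } = toResponse(err);
  res.status(status).json(body);
}

// A fetch-style client derives `ok` from the status code alone (200-299).
// With an always-200 API the failure is invisible unless every caller also
// parses the body and checks `success`.
function clientSeesFailure(status, body, alsoParsesBody) {
  const ok = status >= 200 && status <= 299;
  if (!ok) return true;
  return alsoParsesBody ? body.success === false : false;
}
```

The same applies to anything else that reads only the status line, such as access logs, proxies and monitoring: with always-200 responses they record every failed request as a success.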