DEV Community

Cover image for 200 HTTP Response Abuse
Dendi Handian
Dendi Handian

Posted on • Updated on

200 HTTP Response Abuse

Let's be honest and real, I'm sure that I'm not the only one experiencing this.

Are you or your co-worker, especially the backend developer, made all the responses always to be 200 even though it returns an error message like the server's internal error or the client's validation error?

What is your or their intention to make it that way? while there are standardized and appropriate http codes for specific cases out there.

If you wonder how to find these http codes and their respective meaning, I use the symfony http foundation as reference: Symfony HTTP Foundation component


cover image from: https://www.youtube.com/watch?v=nSKp2StlS6s

Top comments (7)

Collapse
 
lukeocodes profile image
@lukeocodes 🕹👨‍💻

Facebook's API used to return 200s for everything!

Sometimes the focus on the API isn't on semantics, but just volume of data, or they're just very opinionated about how they want to surface errors to users (not semantically)

I do like a semantic API. Most of our APIs are semantic now, but some legacy ones return 200s with error codes, while we're working to phase them out.

Collapse
 
dendihandian profile image
Dendi Handian • Edited

Wow, I didn't know that since I haven't used Facebook API before. Maybe this phenomenon takes a big part in influencing these peoples 😮

Yes, legacy ones should make sense if it still likes that. But in my experience of working in a small to medium companies level in my country, I still find they use 200 OK everywhere.

If there is anyone who follows the standardized HTTP responses around me, I would be impressed.

Collapse
 
lukeocodes profile image
@lukeocodes 🕹👨‍💻

When I used to architect and build APIs, I'd follow the Richardson Maturity Model: martinfowler.com/articles/richards...

Collapse
 
wparad profile image
Warren Parad

It's always better to start small and work up, while returning 200 with an error is never okay, a better primer is a short guide on the most important client error status codes

Collapse
 
alainvanhout profile image
Alain Van Hout

I'd wager that it's generally either lack of knowledge and/or lack of motivation, since it's somewhat easier to just add an 'errorMessage' to the DTO and be done with it.

Collapse
 
dendihandian profile image
Dendi Handian

Yes, my assumption is the same as yours. It's either the backend doesn't know how to do it or the frontend doesn't know how to use it. But mostly I believe it's on the backend team.

Collapse
 
alainvanhout profile image
Alain Van Hout

Generally speaking, it's the backend team that makes the API, so then it can only be the backend team that makes that choice. Except of course when the API design is something that has been dictated to them, and isn't open for discussion and improvement. That can unfortunately sometimes be the case.