I prefer simplicity and using the first example but I’d be happy to hear other options. Here’s a few examples:

HTTP/1.1 403 POST /endpoint
{ "message": "Unauthorized access" }
HTTP/1.1 403 POST /endpoint
Unauthorized access (no json)
HTTP/1.1 403 POST /endpoint
{ "error": "Unauthorized access" }
HTTP/1.1 403 POST /endpoint
{
  "code": "UNAUTHORIZED",
  "message": "Unauthorized access",
}
HTTP/1.1 200 (🤡) POST /endpoint
{
  "error": true,
  "message": "Unauthorized access",
}
HTTP/1.1 403 POST /endpoint
{
  "status": 403,
  "code": "UNAUTHORIZED",
  "message": "Unauthorized access",
}

Or your own example.

  • @[email protected]
    link
    fedilink
    114 months ago

    At a previous job we had an unholy combination of the last two:

    HTTP/1.1 200 POST /endpoint 
    {
      "data": null,
      "errors": ["403", "unauthorized"],
      "success": false
    }
    
    • @BrianTheeBiscuiteer
      link
      14 months ago

      That really is unholy and I also couldn’t work there long if they thought that was OK (pun intended).

      • lemmyvore
        link
        fedilink
        English
        14 months ago

        It’s a perfectly fine way of doing things as long as it’s consistent and the spec is clear.

        HTTP is a transport layer. You don’t have to use its codes for your application layer. It’s often done that way but it’s not the only way.

        In the example above the transport layer is saying “OK I’ve delivered your output” which is technically correct. It’s not concerned with logical errors inside what it was transporting, just with the delivery itself.