Sending application-specific messages

In our business logic, a change occurred in one of the APIs that we use to return a list, for example a list of employees. We recently introduced authorization checks to find out whether a particular user has permission to view a particular employee.

Say there are 10 employees that should be returned by the GET method, but only 5 are returned due to a lack of permission. The request itself is successful in this case. Currently, I am not sure how to pass the information to the client that there are 5 employees who were filtered out due to a lack of permission.

  • Should this show up in the HTTP status code? If so, which status code matches this? Or is this not an error at all?
  • What would be the best approach in this case?
1 answer

The status code alone will not be sufficient to indicate a partial response. Status code 206 sounds close by name, but it is used when the client specifically requests a partial data set via request headers.

Use 200. The request was successful after all, and the reason for the smaller dataset is a property of your API, so additional metadata in the response indicating this should be sufficient.

Assuming a JSON response:

{
    "data": [ ... ],
    "messages": [
        "Only some data was returned due to permissions."
    ]
}

If you have many consumers and are concerned about backward compatibility, you can also specify a vendor-specific JSON media type:

"Content-Type": "application/vnd.myorg-v2+json"
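The following is an added example (not code from the original question or answer) showing how an API handler can implement this answer: filter the employee list by an authorization check, always return 200, and tell the client in the response body that some records were withheld. The `Employee` records, the `allowed_departments` permission model, the `can_view` rule, the `meta.omitted` counter and the `list_employees` function are all assumptions made for this example. The vendor media type is the one from the answer.

```python
import json
from dataclasses import dataclass, asdict

# Constructed sample data for this example; not from the original post.
@dataclass(frozen=True)
class Employee:
    id: int
    name: str
    department: str


EMPLOYEES = [
    Employee(1, "Ada", "engineering"),
    Employee(2, "Brian", "engineering"),
    Employee(3, "Chen", "engineering"),
    Employee(4, "Dana", "engineering"),
    Employee(5, "Eli", "engineering"),
    Employee(6, "Farah", "sales"),
    Employee(7, "Gus", "sales"),
    Employee(8, "Hana", "sales"),
    Employee(9, "Ivan", "hr"),
    Employee(10, "Jo", "hr"),
]

# Vendor-specific media type from the answer; lets clients opt into the
# response shape that carries the "messages" metadata.
MEDIA_TYPE = "application/vnd.myorg-v2+json"

PARTIAL_MESSAGE = "Only some data was returned due to permissions."


def can_view(user: dict, employee: Employee) -> bool:
    """Hypothetical authorization rule: a user may view an employee only if
    the employee's department is in the user's granted departments."""
    return employee.department in user.get("allowed_departments", ())


def list_employees(user: dict, employees=EMPLOYEES):
    """Handle GET /employees for `user`.

    Returns (status_code, headers, body). The status is always 200 because the
    request itself succeeded; partial visibility is reported in the body,
    never via a 4xx/5xx code, which would make clients treat a legitimate
    result as a failure.
    """
    visible = [e for e in employees if can_view(user, e)]
    omitted = len(employees) - len(visible)

    body = {
        "data": [asdict(e) for e in visible],
        "messages": [],
        # Assumed extension: a count of withheld records. Expose the count only
        # if your policy allows disclosing that hidden records exist; never
        # include the hidden records' ids or names.
        "meta": {"omitted": omitted},
    }
    if omitted:
        body["messages"].append(PARTIAL_MESSAGE)

    headers = {"Content-Type": MEDIA_TYPE}
    return 200, headers, body


def serialize(body: dict) -> str:
    """Encode the response body as JSON for the wire."""
    return json.dumps(body, separators=(",", ":"))


if __name__ == "__main__":
    # A user who may only see the engineering department: 5 of 10 returned.
    engineering_user = {"allowed_departments": {"engineering"}}
    status, headers, body = list_employees(engineering_user)
    print(status, headers["Content-Type"])
    print(serialize(body))
```

Note that the authorization check runs on every record before anything is serialized, so the filtered records never reach the response; the `messages` array and the optional count are the only signals that filtering happened.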
