Are these REST HTTP response codes correct and what about the Content-Type?
I am writing a controller helper that sets up the correct response headers for my REST controller action. It is inserted below and should be simplified enough for anyone not familiar with Zend Framework to understand what I am doing.
My question is: do these codes match their answers correctly, and in case of "access denied" do I use 401 or 403?
Also, in case of an error response, I understand that I should put the message in the body of the response, but should I set the "Content-Type" to "text/plain"?
<?php
class App_Controller_Helper_RestResponse extends Zend_Controller_Action_Helper_Abstract
{
    public function denied()
    {
        // 403 or 401?
    }

    public function notFound()
    {
        // 404
    }

    public function created()
    {
        // 201
    }

    public function deleted()
    {
        // 204
    }

    public function redirect()
    {
        // 301
        // new url
    }

    public function malformed()
    {
        // 400
    }

    public function gone()
    {
        // 410
    }
}
Those look pretty good to me. I try to use 200 for delete, but I don't see anything wrong with using 204 if you never send back any object when handling the delete. As for 401 versus 403, they are difficult because they are named badly. 401 says "Unauthorized", but the request to send the WWW-Authenticate header tells me that it should really be used when the request is not "authenticated". 401 says "I can't let you do this because I'm not satisfied I know enough about you." On the other hand, the resource is "Forbidden", just another way to say "not allowed", only in this case there is no effort to force the user to authenticate better than they have. Use 403 when you need to express, "I know who you are and I don't care, I won't let you do that."
They look good otherwise, although you might consider 302, 303, and 307 as additional redirects depending on why you are redirecting. Take a further look at http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html and let me know if you need to know more about redirect headers.
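The 401/403 split described in the answer, as an added example that is not part of the original question or answer. It is plain PHP rather than Zend Framework code; the function names, the "api" realm, the Basic scheme and the text/plain bodies are assumptions made for the illustration, and the sample cases are constructed.

```php
<?php
/**
 * Decide between 401 and 403 for a protected action (hypothetical helper).
 *
 * @param string|null $user    Authenticated principal, or null when the
 *                             request carried no valid credentials.
 * @param bool        $allowed Whether that principal may perform the action.
 * @return array|null          Response description, or null when access is granted.
 */
function accessDecision(?string $user, bool $allowed, string $realm = 'api'): ?array
{
    $plain = ['Content-Type' => 'text/plain; charset=utf-8'];

    if ($user === null) {
        // Not authenticated: 401 goes out with a WWW-Authenticate challenge
        // so the client knows how to retry with credentials.
        $challenge = 'Basic realm="' . addcslashes($realm, '"\\') . '"';
        return [
            'status'  => 401,
            'headers' => ['WWW-Authenticate' => $challenge] + $plain,
            'body'    => "Authentication required.\n",
        ];
    }

    if (!$allowed) {
        // Authenticated but not permitted: 403 with no challenge, because
        // presenting the same credentials again will not change the outcome.
        return [
            'status'  => 403,
            'headers' => $plain,
            'body'    => "Forbidden.\n", // generic text, no detail about the resource
        ];
    }

    return null; // authenticated and permitted: the action proceeds
}

// Constructed sample cases: anonymous, known but not permitted, permitted.
$cases = [[null, false], ['alice', false], ['alice', true]];
foreach ($cases as [$user, $allowed]) {
    $r = accessDecision($user, $allowed);
    $who = $user ?? 'anonymous';
    if ($r === null) {
        echo "$who: access granted\n";
        continue;
    }
    $names = implode(', ', array_keys($r['headers']));
    echo "$who: {$r['status']} [$names]\n";
}
```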