Security
RESTful web service
Because RESTful web services are addressed through HTTP URL paths, it is very important to safeguard a RESTful web service in the same manner as a website is secured.
Following are the best practices to be adhered to while designing a RESTful Web Service:
HTTP Code
| Sr.No. | HTTP Code & Description |
|---|---|
| 1 | 200 OK - shows success. |
| 2 | 201 CREATED - when a resource is successfully created using a POST or PUT request. Returns a link to the newly created resource using the Location header. |
| 3 | 204 NO CONTENT - when the response body is empty. For example, a DELETE request. |
| 4 | 304 NOT MODIFIED - used to reduce network bandwidth usage in case of conditional GET requests. The response body should be empty. Headers should have date, location, etc. |
| 5 | 400 BAD REQUEST - states that an invalid input is provided. For example, a validation error or missing data. |
| 6 | 401 UNAUTHORIZED - states that the user is using an invalid or wrong authentication token. |
| 7 | 403 FORBIDDEN - states that the user does not have access to the method being used. For example, delete access without admin rights. |
| 8 | 404 NOT FOUND - states that the method is not available. |
| 9 | 409 CONFLICT - states a conflict situation while executing the method. For example, adding a duplicate entry. |
| 10 | 500 INTERNAL SERVER ERROR - states that the server has thrown some exception while executing the method. |
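
The following is an added example, not code from the original page: a small Python request handler that returns the codes from the table in the order a service should check them, with authentication (401) before authorization (403), then validation (400) and conflicts (409). The `/users` resource, the tokens and the roles are constructed for illustration.

```python
import json

# Constructed sample data: tokens, roles and the /users resource are hypothetical.
TOKENS = {"tok-admin": "admin", "tok-user": "user"}

def handle(method, path, headers, body, store):
    """Return (status, response_headers, response_body) for one request."""
    try:
        auth = headers.get("Authorization", "")
        role = TOKENS.get(auth[7:]) if auth.startswith("Bearer ") else None
        if role is None:  # 401: missing, invalid or wrong token
            return 401, {"WWW-Authenticate": "Bearer"}, ""
        parts = path.strip("/").split("/")
        if parts[0] != "users" or len(parts) > 2:
            return 404, {}, ""
        user_id = parts[1] if len(parts) == 2 else None
        if method == "GET" and user_id:
            if user_id not in store:
                return 404, {}, ""
            return 200, {"Content-Type": "application/json"}, json.dumps(store[user_id])
        if method == "POST" and user_id is None:
            try:
                data = json.loads(body)
                new_id, name = str(data["id"]), str(data["name"])
            except (ValueError, KeyError, TypeError):
                return 400, {}, ""  # 400: validation error or missing data
            if new_id in store:
                return 409, {}, ""  # 409: duplicate entry
            store[new_id] = {"id": new_id, "name": name}
            return 201, {"Location": "/users/" + new_id}, ""
        if method == "DELETE" and user_id:
            if role != "admin":  # 403 before the lookup: no existence leak
                return 403, {}, ""
            if user_id not in store:
                return 404, {}, ""
            del store[user_id]
            return 204, {}, ""  # 204: success with an empty body
        return 404, {}, ""  # the table's 404: method not available here
    except Exception:
        # 500: signal the failure without echoing exception details to the client
        return 500, {}, ""
```

Checking the role before looking up the resource means a non-admin caller gets 403 whether or not the target exists, and the 500 branch returns an empty body so stack traces never reach the client.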