API Development

Security


RESTful web service

As RESTful Web Services work with HTTP URL Paths, it is very important to safeguard a RESTful Web Service in the same manner as a website is secured.

The following best practices should be adhered to while designing a RESTful Web Service −

HTTP Code

 

| Sr.No. | HTTP Code | Description |
|--------|-----------|-------------|
| 1 | 200 | OK − shows success. |
| 2 | 201 | CREATED − when a resource is successfully created using a POST or PUT request. Returns a link to the newly created resource using the Location header. |
| 3 | 204 | NO CONTENT − when the response body is empty. For example, a DELETE request. |
| 4 | 304 | NOT MODIFIED − used to reduce network bandwidth usage in case of conditional GET requests. The response body should be empty. Headers should have date, location, etc. |
| 5 | 400 | BAD REQUEST − states that invalid input was provided. For example, a validation error or missing data. |
| 6 | 401 | UNAUTHORIZED − states that the user is using an invalid or wrong authentication token. |
| 7 | 403 | FORBIDDEN − states that the user does not have access to the method being used. For example, delete access without admin rights. |
| 8 | 404 | NOT FOUND − states that the method is not available. |
| 9 | 409 | CONFLICT − states a conflict situation while executing the method. For example, adding a duplicate entry. |
| 10 | 500 | INTERNAL SERVER ERROR − states that the server has thrown some exception while executing the method. |
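
The status codes listed above, applied in one request handler that checks authentication, then authorization, then input, before acting. This is an added example, not code from the original page; the /items resource, the sample tokens and the handle() function are assumptions made for illustration.

```python
import hashlib
import json

TOKENS = {"tok-admin": "admin", "tok-user": "user"}  # constructed sample tokens -> role
STORE = {}                                           # in-memory resources keyed by name

def etag(item):
    return hashlib.sha256(json.dumps(item, sort_keys=True).encode()).hexdigest()[:16]

def handle(method, path, headers, body=None):
    """Return (status, headers, body) for the hypothetical /items[/<name>] resource."""
    try:
        auth = headers.get("Authorization", "")
        role = TOKENS.get(auth[7:]) if auth.startswith("Bearer ") else None
        if role is None:                                   # authenticate first
            return 401, {"WWW-Authenticate": "Bearer"}, {"error": "invalid token"}
        if method == "DELETE" and role != "admin":         # then authorize
            return 403, {}, {"error": "admin rights required"}
        parts = path.strip("/").split("/")
        if parts[0] != "items" or len(parts) > 2:
            return 404, {}, {"error": "not found"}
        name = parts[1] if len(parts) == 2 else None
        if method == "POST" and name is None:
            new = body.get("name") if isinstance(body, dict) else None
            if not isinstance(new, str) or not new.isalnum():
                return 400, {}, {"error": "name must be alphanumeric"}
            if new in STORE:
                return 409, {}, {"error": "duplicate entry"}
            STORE[new] = body
            return 201, {"Location": "/items/" + new}, body
        if name not in STORE:
            return 404, {}, {"error": "not found"}
        if method == "GET":
            tag = etag(STORE[name])
            if headers.get("If-None-Match") == tag:        # conditional GET
                return 304, {"ETag": tag}, None
            return 200, {"ETag": tag}, STORE[name]
        if method == "DELETE":
            del STORE[name]
            return 204, {}, None
        return 404, {}, {"error": "not found"}  # the table maps an unavailable method to 404
    except Exception:
        # Log details server-side; never echo exception text to the client.
        return 500, {}, {"error": "internal server error"}
```

The 500 branch returns a fixed message so that stack traces and internal paths stay out of responses.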
