People Who Insist on Overly-Precise HTTP Success Response Codes

June 20th, 2015 Permalink

Per specification HTTP responses include a numeric code to indicate status. There are a few broad categories: informational, which you'll never see in practice, success, redirection, failure because you, the client, didn't do the right thing when issuing the request, and failure due to server error. Some codes are much more commonly employed than others: 200 for success, 404 meaning that the resource you requested doesn't exist, 500 as a generic bucket for any sort of server-side failure.

As you stroll through a life of building glue code and ad-hoc API clients, it occasionally becomes important that there are in fact numerous different response status codes implying success. While 99% of the world's API and web application engineers seem happy to conform to the practice of returning a 200 status for success, some apparently feel it is their duty to make use of 201, resource created, or 204, request successful but don't expect any content to be in the response, or any of the other even more arcane success codes.

Your average ad-hoc HTTP request implementation probably looks something like this:

var util = require('util');
var request = require('request');
 
request({
  url: 'http://www.example.com/api'
}, function (error, response, body) {
  if (error) {
    return handleError(error);
  } else if (response.statusCode != 200) {
    return handleError(new Error(util.format(
      'Response with status code %s: %s', response.statusCode, body
    )));
  }
  processResponse(body);
});

This will work 99% or more of the time, but obviously is sabotaged by an API that returns a status code of 201 for success under some circumstances. Is this a case of the API designer being overly clever for no good reason, or is it the case that the client implementer should be more cautious? We could probably argue on this point. My advice is to avoid cleverness for the sake of it when building an API, and to be paranoid when building a client. Neither of these paths costs anything, and avoids future issues. For the client, for example:

var util = require('util');
var request = require('request');
 
request({
  url: 'http://www.example.com/api'
}, function (error, response, body) {
  if (error) {
    return handleError(error);
  } else if (response.statusCode < 200 || response.statusCode >= 300) {
    return handleError(new Error(util.format(
      'Response with status code %s: %s', response.statusCode, body
    )));
  }
  processResponse(body);
});