0

I'm building an API for a url shortening service of sorts, and check when a POST request is made (to shorten a url) that the url is not a shortened url from my domain. If this is the case, I don't want to shorten it and want to send back the appropriate HTTP status code to say that the POST request is being denied. I was thinking that perhaps 403 Forbidden is the way to go, but I'm not sure if Forbidden applies to POST requests so much as GET.

Is Forbidden the way to go, or is there some other more appropriate code?

Andre C
  • 457
  • 1
  • 9
  • 26
  • Possible duplicate of [REST HTTP status codes for failed validation or invalid duplicate](https://stackoverflow.com/questions/3290182/rest-http-status-codes-for-failed-validation-or-invalid-duplicate) – Quentin Jul 23 '17 at 10:32
  • "I'm not sure if Forbidden applies to POST requests so much as GET" — It does, but it is still wrong here: *403 Forbidden — The request was valid, but the server is refusing action. The user might not have the necessary permissions for a resource, or may need an account of some sort.* – Quentin Jul 23 '17 at 10:32
  • I did come across that post in my research, but it only confused me more as each comment seems to offer a different answer. Thank you for the clarification in your second comment. – Andre C Jul 23 '17 at 10:41
  • That's because the spec doesn't provide a status code is is clearly good for this purpose. – Quentin Jul 23 '17 at 12:46

0 Answers0