REST API Validation Standards · REST-04
All API endpoints that receive data must validate that input · REST-04.1 · MUST · DEV
For example, validating the content of a request body, or the ID in a query string.
Validation errors should be returned as a 400 (Bad Request) status code · REST-04.2 · SHOULD · DEV
A validation error is an error on the part of the client, and therefore a code in the 4** range is appropriate. Generally speaking, a 400 status code is the best choice.
Error HTTP status codes must contain information about the error returned · REST-04.3 · MUST · DEV
In the case of a non-2** status code being returned, a response body must contain information about the error.
The structure of the error response must be consistent across the API, i.e. all responses should have a body with the same structure. The following points should be considered:
- Return a list of errors rather than a single error
- Return an error code as well as a message
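
The following sketch shows REST-04.1 to REST-04.3 working together. It is an added example and not part of the standard itself: the update endpoint, the field names, the error codes and the `errors` envelope key are all assumptions chosen for illustration.

```python
import json

def _err(code, field, message):
    # One shape for every error entry: machine-readable code plus message.
    return {"code": code, "field": field, "message": message}

def validate_id(raw_id):
    """Validate the ID taken from the query string."""
    # isascii() rejects Unicode digits that isdigit() would accept.
    if isinstance(raw_id, str) and raw_id.isascii() and raw_id.isdigit() \
            and len(raw_id) <= 18 and int(raw_id) > 0:
        return []
    return [_err("ID_INVALID", "id", "id must be a positive integer.")]

def validate_body(raw_body):
    """Validate the request body; collect every problem, not just the first."""
    try:
        data = json.loads(raw_body)
    except (TypeError, ValueError):
        return [_err("BODY_NOT_JSON", None, "Body must be valid JSON.")]
    if not isinstance(data, dict):
        return [_err("BODY_NOT_OBJECT", None, "Body must be a JSON object.")]
    errors = []
    name = data.get("name")
    if not isinstance(name, str) or not name.strip():
        errors.append(_err("FIELD_REQUIRED", "name", "name must be a non-empty string."))
    elif len(name) > 100:
        errors.append(_err("FIELD_TOO_LONG", "name", "name must be at most 100 characters."))
    qty = data.get("quantity")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(qty, bool) or not isinstance(qty, int):
        errors.append(_err("FIELD_TYPE", "quantity", "quantity must be an integer."))
    elif not 1 <= qty <= 1000:
        errors.append(_err("FIELD_RANGE", "quantity", "quantity must be between 1 and 1000."))
    for extra in sorted(set(data) - {"name", "quantity"}):
        errors.append(_err("FIELD_UNKNOWN", extra, "Unexpected field."))
    return errors

def error_response(status, errors):
    """The single error envelope used for every non-2** response."""
    return status, {"errors": errors}

def handle_update_item(raw_id, raw_body):
    errors = validate_id(raw_id) + validate_body(raw_body)
    if errors:
        return error_response(400, errors)
    data = json.loads(raw_body)
    return 200, {"id": int(raw_id), "name": data["name"], "quantity": data["quantity"]}
```

The messages are fixed strings and never echo the submitted values back, so the error body cannot be used to reflect attacker-controlled content.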