Token Expired - JSON REST API - Error Code

I've got a JSON REST API. There is a handshake that will give you a token that is valid for 15 minutes. All calls you do within those 15 minutes should work OK. After the 15 minutes I am returning an error object (includes code, message, success = false), but I was also wondering what HTTP error code I should return. And will using an HTTP error code mess up certain clients (HTML5, iPhone, Android)? What is considered best practice in this scenario?


You should return a 401 Unauthorized status code. You might additionally provide hypermedia to establish the token again.

Think about what happens in a web app. You go to say a banking site. If not auth'd it will send you to the log in page. Then you log in and you are good to go for a time. Then it expires and the cycle repeats.

Just a thought.


According to the spec, RFC 6750 ("The OAuth 2.0 Authorization Framework: Bearer Token Usage", https://www.rfc-editor.org/rfc/rfc6750, p. 8, section 3.1), the resource server should return 401:

invalid_token The access token provided is expired, revoked, malformed, or invalid for other reasons. The resource SHOULD respond with the HTTP 401 (Unauthorized) status code. The client MAY request a new access token and retry the protected resource request.
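The 401 behaviour described in the answers above, as an added example that is not part of the original posts: a token check for the 15-minute handshake token that returns the question's error object (code, message, success = false) together with an RFC 6750 `WWW-Authenticate` challenge. `TokenStore`, `authorize`, the realm `api` and the body's code strings are hypothetical names chosen for the illustration.

```python
import json
import secrets

TOKEN_TTL_SECONDS = 15 * 60  # the 15-minute lifetime from the question


class TokenStore:
    """In-memory token table (constructed for the example): token -> expiry time."""

    def __init__(self):
        self._expiry = {}

    def issue(self, now):
        token = secrets.token_urlsafe(32)  # unguessable handshake token
        self._expiry[token] = now + TOKEN_TTL_SECONDS
        return token

    def is_valid(self, token, now):
        expires_at = self._expiry.get(token)
        if expires_at is None:
            return False
        if now >= expires_at:
            del self._expiry[token]  # purge on expiry so the token cannot be revived
            return False
        return True


def _error(challenge, code, message):
    # Error object shaped like the one in the question; field values are assumptions.
    body = json.dumps({"success": False, "code": code, "message": message})
    headers = {"WWW-Authenticate": challenge, "Content-Type": "application/json"}
    return 401, headers, body


def authorize(store, authorization_header, now):
    """Return (status, headers, body) for a request to a protected resource."""
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        # No credentials sent: bare challenge without an error attribute (RFC 6750, 3.1).
        return _error('Bearer realm="api"', "auth_required", "Authentication required")
    if not store.is_valid(token.strip(), now):
        # Expired and unknown tokens get the same answer, so the response does not
        # reveal whether a given token value was ever issued.
        return _error(
            'Bearer realm="api", error="invalid_token", '
            'error_description="The access token is expired or invalid"',
            "invalid_token", "Token expired or invalid; repeat the handshake")
    return 200, {"Content-Type": "application/json"}, json.dumps({"success": True})
```

Clients on any platform can branch on the 401 status alone and repeat the handshake; the JSON body stays available for those that want the detail.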


FWIW Facebook uses 400 with a custom JSON response. I personally would prefer 401 with custom JSON response.

Here is FB's response body:

{
  "error": {
    "message": "Error validating access token: Session has expired on Jul 17, 2014 9:00am. The current time is Jul 17, 2014 9:07am.",
    "type": "OAuthException",
    "code": 190,
    "error_subcode": 463
  }
}