Improve this question. Francesco Boi 6, 8 8 gold badges 60 60 silver badges 94 94 bronze badges. AwkwardCoder AwkwardCoder 23k 24 24 gold badges 80 80 silver badges bronze badges. Add a comment. Active Oldest Votes. No response body needed. Per Section 9. RFC Section Improve this answer. Fletch 4, 2 2 gold badges 37 37 silver badges 52 52 bronze badges.
That seems pretty presumptuous on the part of Mozilla, since I can find nothing in RFC notably sections Did I miss something? Probably because someone read about it here. The semantics of the PUT method is to ignore whatever current state the resource is in, therefore to return a conflict for a PUT that is unsuccessful due to a 3rd party modification only makes sense if the request is conditional.
One small point: if you are not going to be returning a response body to a successful operation, I would suggest using a exclusively. Some clients jQuery Ajax, for example will choke if they are expecting a non-zero length response but don't get it.
You can see an example of this in this question. Possibly RFC has been updated since this was answered. No where in 9. In fact the response body is not mentioned at all in relation to a PUT. Show 15 more comments. LiorH LiorH Raedwald sure it is.
Some fields might not make sense to update -- created date or last modified date, for example, should probably not be included in the PUT body, but would likely be changed as a result of the PUT. MarcoCiambrone Yes, I agree and I recant my previous comment.
PATCH is a new verb, however, and may not be supported by some server-side frameworks. The answer was written well before rfc, but section 4. What if the updated object is large? Seems wasteful to return a lot of data that isn't likely to be used.
Brian Agnew Brian Agnew k 36 36 gold badges silver badges bronze badges. It would be better if the HTTP can send back the body of the response. Make a separate GET call after a successful update to achieve what you want. In order to ensure performance introduce a caching layer if you are facing issues in this department. We can't solve these issues by messing around with 'everything goes' kind of logic. Don't mess around with 'solid' and basic programming principles which should be common sense in the year This response code means the returned metadata is not exactly the same as is available from the origin server, but is collected from a local or a third-party copy.
This is mostly used for mirrors or backups of another resource. Except for that specific case, the OK response is preferred to this status.
There is no content to send for this request, but the headers may be useful. The user agent may update its cached headers for this resource with the new ones. This response code is used when the Range header is sent from the client to request only part of a resource.
Conveys information about multiple resources, for situations where multiple status codes might be appropriate.
The server has fulfilled a GET request for the resource, and the response is a representation of the result of one or more instance-manipulations applied to the current instance. The request has more than one possible response. The user agent or user should choose one of them. There is no standardized way of choosing one of the responses, but HTML links to the possibilities are recommended so the user can pick. The URL of the requested resource has been changed permanently.
The new URL is given in the response. This response code means that the URI of requested resource has been changed temporarily. Further changes in the URI might be made in the future.
Therefore, this same URI should be used by the client in future requests. This is used for caching purposes. It tells the client that the response has not been modified, so the client can continue to use the same cached version of the response. Defined in a previous version of the HTTP specification to indicate that a requested response must be accessed by a proxy.
It has been deprecated due to security concerns regarding in-band configuration of a proxy. This response code is no longer used; it is just reserved. The server sends this response to direct the client to get the requested resource at another URI with same method that was used in the prior request.
Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. This response code is reserved for future use. The initial aim for creating this code was using it for digital payment systems, however this status code is used very rarely and no standard convention exists.
The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Not scalable or maintainable. Sign up to join this community. The best answers are voted up and rise to the top. Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more.
Ask Question. Asked 5 years, 7 months ago. Active 1 year, 3 months ago. Viewed k times. Any thoughts? Improve this question. Good question, but using the term "best-practice" is sort of taboo on this site meta. As a bit of a follow-up, would it be a good idea to have a flag in the request so that for example a mobile application can get the whole object returned when on WiFi, but only the ID when using cellular data? Is there a header that should be used for that to avoid polluting the JSON?
AndrewPiliser Interesting idea, although I personally think it's just best to pick one approach and stick to it. Then as your application develops or becomes more popular, optimise it — iswinky. It's extremely handy, especially as it keeps the submission of new data and request for the updated version atomic.
Add a comment. Active Oldest Votes. Improve this answer. Eric Stein Eric Stein 3, 9 9 silver badges 16 16 bronze badges. Yes, the client "composes" but only in a "fill in the blanks" kind of way.
While not pure HATEOAS it achieves the objective and makes working with objects that have a large number of "action" uri's a bit less bandwidth sensitive, not to mention when you put those objects in a largish list.
Does the "no arbitrary message" focus on string messages or any return value that is not the created resource? I'm focusing on cases where we return the id of the created resource but not the resource itself and was wondering where this fits in. Personally, I always return only OK. Mawg says reinstate Monica Mawg says reinstate Monica 3, 2 2 gold badges 30 30 silver badges 50 50 bronze badges. See stackoverflow. I'd like to challenge the assumption the client knows which object is being updated.
I work in mobile and a pattern is to decouple requests from responses this makes life much easier in an asynch paradigm. Otherwise, I have to keep track of which object is awaiting a response.
Your user might post a partial object with only a few of the fields set. The returning object would have finished the object with generated ID's and the like. Here is the same concept in a API design book: apihandyman.
The reason to return an object, because in most of the cases client will pass a limited list of arguments, ex: title, description.
0コメント