I am implementing the REST API, and the auth module is based on JWT. The following are the HTTP status codes that I defined for it:
- Request without authentication token: 401 UNCERTAIN
- Auth ID Expired: 410 UNAUTHORIZED
- Auth token does not contain the required requirements: 403 FORBIDDEN
- Broken out (i.e. token):
In the case of token falsification, what HTTP status code should I use? 401 (UNAUTHORIZED) or 417 (EXPECTATION_FAILED)?