Is an empty body right if Content-Type is application / json?

Question

Is an empty body right if Content-Type is application / json?

I will return a 401 status code if the token is incorrect for the tokens / verify endpoint and there is no need to send any body content to the user.

Is it right to send empty bodies for a content type application/json?

+4

json http response request

Sergei Basharov Nov 15 '16 at 16:03

source share

2 answers

Julian Reschke · Answer 1 · 2016-11-16T05:24:13+0000

No no. If you declare a JSON payload, you need to send JSON. The status code is not related to this.

An empty body is not valid JSON. The minimum allowable JSON is {}, [], ""(an empty string enclosed in quotation marks), nulland so on, but the body is not empty a valid JSON.

Andrei Dragotoniu · Answer 2 · 2016-11-15T16:10:09+0000

Absolutely, the client will take care of the HTTP code, 401 means "not authorized", and there is no value in sending something else.

Think of it this way, what else could you send to a customer who could help?

You cannot give them more details, as this will become a security issue. So, don't worry about it, stick to 401 and no response body. Customers can handle this on their own.

Is an empty body right if Content-Type is application / json?

More articles: