I am trying to determine the best practice in the REST API to determine if a client can access a specific resource. Two quick scenarios:
Phone book search service. The client looks at the phone number, for example, referring to. GET http://host/directoryEntries/numbers/12345
... where 12345
is the phone number that can be found in the directory. If it exists, it will return information such as the name and address of the person whose phone number.
Video format transfer service. The client sends the video in one format, for example. POST http://host/videos/
... and receives the "video GUID" that was generated by the server for this video. Then the client checks, for example.
GET http://host/videos/[GUID]/flv
... to get video converted to FLV format if a converted version exists.
You will notice that in both cases above I did not mention what should happen if the resource being checked does not exist. This is my question here. I read in various other places that the correct RESTful way for a client to check if a resource exists here is to call HEAD
(or possibly GET
) on the resource, and if the resource does not exist, it should expect a 404 response. That would be nice , except that 404 is widely regarded as a “mistake”; the HTTP / 1.1 specification states that the 4xx status code class is designed for cases where the client seems to be wrong. But wait; in these examples, the client probably was not mistaken. He expects that he will be able to return 404 (or others, perhaps 403, if he does not have access to this resource), and he was not mistaken in requesting the resource. 404 is not intended to indicate an “error condition”, it is simply information - “this does not exist”.
And browsers behave as the HTTP spec indicates, as if the 404 response is a genuine error. Both the Google Chrome console and Firebug cause a large red “404 Not Found” error message in the Javascript console every time a 404 is received by an XHR request, regardless of whether it was processed by the error handler or not, and there is no way to disable it. This is not a problem for the user, because they do not see the console, but as a developer I do not want to see a bunch of 404 errors (or 403, etc.) in my JS console, when I know perfectly well that they are not errors, and the information is processed my javascript code. This is linear noise. In the second example that I gave, it is linear noise to the extreme, because the client will most likely poll the server for this /flv
, as it may take some time to compile, and the client wants to display "not compiled" yet gets non-404. A 404 error may appear that appears in the JS console every second or two.
So, is this the best or most correct way that we have with REST to check for a resource? How do we get around line noise in the JS console? It is possible that in my second example, another URI may be requested to check the compilation status, for example:
GET http://host/videos/[GUID]/compileStatus
... however, this seems to violate the REST principle a bit; you do not use HTTP completely and paying attention to HTTP headers, but instead create your own protocol by which you return information in the body telling you what you want to know, and always return HTTP 200 to close the browser. It was serious criticism of SOAP - it tries to "get around" HTTP, rather than using it fully. According to this principle, why should you ever return a 404 status code? You can always return 200 - of course, 200 indicates that information about the status of the resource is available, and status information tells you what you really wanted to know - the resource was not found. Of course, the RESTful path should be to return a 404 status code.
This mechanism seems even more invented if we apply it to the first of the above examples; the client may request:
GET http://host/directoryEntries/numberStatuses/12345
... and, of course, get 200; there is information about the status of number 12345
and reports ... that the number was not found in the directory. This would mean that ANY number queried would be "200 OK", although it might not exist - does it look like a good REST interface?
Am I missing something? Is there a better way to determine if a RESTfully or HTTP resource exists, is possibly being updated to indicate that non-2xx status codes need not be considered “errors” and are merely information? Should browsers be configured to not always display non-2xx status responses as “errors” in the JS console?
PS. If you read this, thanks .; -)