HTTP status codes
DRACOON's REST API makes use of several standardized HTTP status codes to signal whether a certain request could be fulfilled successfully. When implementing a client you might receive the following status codes:
|200||The request could be fulfilled successfully. Should be the standard response code of GET APIs.|
|201||The request could be fulfilled successfully and a resource has been created.|
|202||We successfully received all your information and everything is alright sofar. However, the request is still being processed and it might take the server a while to complete it.|
|204||The request could be fulfilled sucessfully. However, you will not receive any further data in the response body.|
|302||Redirect. Please retrieve the requested resource from the provided URL.|
|400||Bad Request. The client provided data in its request that is either not parsable or contains illegal values so that the request is invalid. Please see error code and debug message for further information.|
|401||Authentication required. During authentication this status code is returned on invalid login credentials, in all other situations it means that the authentication token you provided is not valid (anymore).|
|403||Authorization required. This status code is returned whenever a request is sent that requires more rights or permissions than the currently authenticated user has.|
|404||Not found. The client requested a ressource that cannot be found.|
|409||The request cannot be fulfilled because it is prevented by a conflict. Please see error code and debug message for futher information.|
|412||There are some cases in which this status code is returned. Usually the user has to execute some action before proceeding (e.g. change his/her password). Please see error code and debug message for further information.|
|500||Internal Server Error. You should never encounter this status code. If you do, you found a bug in our software and we politely ask you to inform us about this issue in much detail so we can fix this issue. Thank you!|
|502||This is an status provided by a reverse proxy if the infrastructure is not working correctly. Please inform the administrator about this issue.|
|503||You will receive this status code during downtime of our application. Please stay tuned, we will probably fix this issue in very short time.|
|504||In case you receive this status code from a reverse proxy, a timeout occured. This should be fixed in very short time by our infrastructure team.|
In addition to HTTP status codes DRACOON API often provides individuall error codes to inform the client developer or the user in much more detail about the current issue. Each error code is accompanied by an individual debug message to provide human-readable information about the problem that occured.
We collect all possible error codes and error messages in the Swagger Documentation.
Specific details about certain errors might be abused by an attacker to gain knowledge or to receive leaked information about the system and its users. An example for this could be the specific details of an unsuccessful login: If the system informs the requester that a user with the provided user name was found but the password was not correct, an external attacker can gain insights about existing user accounts which violates their privacy. To avoid this, DRACOON API only informs that the combination of user name and provided password is not valid to log on.
Whenever we implement a specific error code and error message, we ask ourselves whether this could disclose sensitive information to an atacker. In these cases, the security and privacy of our users and the system as a whole are the higher value than a helpful and detailed notification of client developers or end-users. This is the reason why you might encounter several error situations in which we do not provide you with a specific error code and a specific error message about what actually went wrong.