我有一个 REST 端点接受 POST 请求以将代码标记为已兑换。该代码只能在特定日期之间兑换。
如果有人试图提早兑换代码,我应该如何应对?
我怀疑 HTTP 403,Forbidden,是正确的选择,但随后 w3c 指出“the request SHOULD NOT be repeated”,而在这种情况下,我预计请求会在稍后重复。
最佳答案
The request could not be completed due to a conflict with the current state of the resource. This code is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request. The response body SHOULD include enough information for the user to recognize the source of the conflict. Ideally, the response entity would include enough information for the user or user agent to fix the problem; however, that might not be possible and is not required.
403 Forbidden如果他们试图兑换已经兑换的优惠券,则更有意义,尽管 410 Gone在这种情况下接缝也很优雅。
404 Not Found这并不理想,因为该资源确实存在,但是如果您不想使用 403 指定原因或者出于安全原因想要隐藏该资源的存在,您可以使用它。
如果您使用 HATEOAS ,那么您还可以通过在优惠券资源(通过 GET 检索)中仅包含一个 redeem 超媒体控件来阻止您的客户(可以这么说)优惠券可以兑换;尽管这不会阻止过度绑定(bind)的客户尝试赎回它。
关于资源的 HTTP 状态代码尚不可用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/11080197/