Return appropriate HTTP status codes with each response. Successful responses should be coded according to this guide:
200: Request succeeded for aGETcall, for aPOST,DELETEorPATCHcall that completed synchronously, or for aPUTcall that synchronously updated an existing resource201: Request succeeded for aPOSTor aPUTcall that synchronously created a new resource. Don't forget the Location header to point to the newly created resource, it is usefull forPOSTbecause the target resource is not the created resource.202: Request accepted for aPOST,PUT,DELETE, orPATCHcall that will be processed asynchronously206: Request succeeded onGET, but only a partial response returned: see above on ranges
Pay attention to the use of authentication and authorization error codes:
401 Unauthorized: Request failed because user is not authenticated403 Forbidden: Request failed because user does not have authorization to access a specific resource
Return suitable codes to provide additional information when there are errors:
422 Unprocessable Entity: Your request was understood, but contained invalid parameters429 Too Many Requests: You have been rate-limited, retry later500 Internal Server Error: Something went wrong on the server, check status site and/or report the issue
Refer to the HTTP response code spec for guidance on status codes for user error and server error cases.