Rest API design best practices for security testing:
- Accept and respond with JSON
- Use nouns instead of verbs in endpoint paths
- Use Name collections with plural nouns
- Nest resources for hierarchical objects
- Handle errors gracefully and return standard error codes
- Versioning the rest of API designs
Common error HTTP status codes include:
- 400 Bad Request — This means that client-side input fails validation.
- 401 Unauthorized — This means the user isn’t authorized to access a resource. It usually returns when the user isn’t authenticated.
- 403 Forbidden — This means the user is authenticated, but it’s not allowed to access a resource.
- 404 Not Found — This is for any resource that is not visible.
- 500 Internal server error — This is a generic server error. It probably shouldn’t be thrown explicitly.
- 502 Bad Gateway — This indicates an invalid response from an upstream server.
- 503 Service Unavailable — This hints that there is some undesired error that is present on the server-side of rest API design like server overload or some system failures.
For more similar insights on buzzing tech topics visit www.mobifly.in
