I wrote an API for a social app in Rails. This app is like Facebook: users can block other users. If user A blocks user B, user B can't view the profile page of user A. So what is the best HTTP status code I should return: 404, 403, 204 or 200 (render nothing)?
Question posted in Facebook API
The official documentation for the Facebook APIs can be found here.
2 Answers
I much prefer to use 403 Forbidden.
https://www.rfc-editor.org/rfc/rfc7231#section-6.5.3
A best practice for this is 403; however, doing so will expose the fact that the user has been blocked. If you don't want that, you can return 404. GitHub, as an example, always returns 404 for unauthorized access to private repos.
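The trade-off between the two answers, as an added example that is not part of the original answers: a plain-Ruby sketch (no Rails) of a profile handler in which a blocked viewer gets either 403 or the same 404 as a nonexistent profile. The names `show_profile` and `conceal_block`, the Rack-style return value and the sample users are assumptions made for illustration.

```ruby
require "json"
require "set"

# Constructed sample data (not from the original post).
USERS  = { 1 => { id: 1, name: "A" }, 2 => { id: 2, name: "B" }, 3 => { id: 3, name: "C" } }.freeze
BLOCKS = Set[[1, 2]].freeze # [blocker_id, blocked_id]: user 1 (A) has blocked user 2 (B)

JSON_HEADERS = { "content-type" => "application/json" }.freeze

def json_response(status, payload)
  [status, JSON_HEADERS, [JSON.generate(payload)]]
end

# One shared builder, so "blocked" and "no such user" cannot drift apart.
def not_found
  json_response(404, { error: "not_found" })
end

# Hypothetical handler for GET /users/:id, returning a Rack-style triplet.
# conceal_block: true  -> blocked viewers get the same 404 as a missing profile
# conceal_block: false -> blocked viewers get 403, which reveals the block
def show_profile(viewer_id, profile_id, conceal_block: true)
  profile = USERS[profile_id]
  return not_found if profile.nil?

  if BLOCKS.include?([profile_id, viewer_id])
    return conceal_block ? not_found : json_response(403, { error: "forbidden" })
  end

  json_response(200, profile)
end

# True when a blocked viewer cannot tell the response from that for an unknown id.
def block_hidden?(viewer_id, profile_id, missing_id, conceal_block:)
  show_profile(viewer_id, profile_id, conceal_block: conceal_block) ==
    show_profile(viewer_id, missing_id, conceal_block: conceal_block)
end
```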