On Mon, Mar 17, 2008 at 10:08 AM, Olly L. [email protected] wrote:
> I’m currently of the opinion that 403 Forbidden is the best option,
> although 405 Method Not Allowed sounds equally appropriate, or perhaps
> even 409 Conflict.

I believe 403 is an authentication header, as in ‘your login failed’.
405 means the DELETE method itself isn’t allowed. ActiveResource uses
409 for locking conflicts, and 422 for validation errors.

According to RFC 2616, it sounds like 409 would be your best bet:

The request could not be completed due to a conflict with the current
state of the resource. This code is only allowed in situations where
it is expected that the user might be able to resolve the conflict and
resubmit the request.

That sounds better than 422, unprocessable entity:

The request was well-formed but was unable to be followed due to

There are many ways to interpret that though. I think the key is to
document it well and stick to it.