Status Implemented
Workspace Reckon One
Categories API
Created by Guest
Created on Jan 24, 2018

Improve HTTP response code for inactive modules

It seems like the API returns a 401 error when a perfectly authenticated user tries to fetch a list of projects from a book that I now think does not have the projects module activated.


The problem here is that 401 is misleading in that it means the user is not authenticated, when in fact it is, but it just doesn't have the required "permissions". This is actually made worse as it's impossible to tell if there really is a problem with authentication or not, since there is no error message explaining what the problem is.

IMO, this should clearly be a 403 error, and it would be nice to include some brief explanation as well.

But just switching from 401 to 403 would be a huge improvement, as it gives much better direction when looking into what the problem is and gives more confidence to trust the response codes. So when I see a 401 in my error tracker, I know there is some issue with auth itself, not permissions.

  • ADMIN RESPONSE
    Jun 8, 2021

    When invoice module is active:

    GET {{URLV2}}/{{book}}/invoices

    Response code:

    200

    Response message:

    OK

    Response body is the list of invoices:

    {
      "list": []
    }


    After making the invoices module inactive and trying the GET again:

    GET {{URLV2}}/{{book}}/invoices

    Response code:

    403

    Response message:

    Forbidden

    Response body:

    {
      "message": "User does not have permission to access this resource.",
      "code": 403
    }
  • Admin
    Iftikhar Chowdhury
    Jun 8, 2021

    This has been implemented in API v2. You can learn more about API v2 from: https://developer.reckon.com/api-details#api=reckon-one-api-v2
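
The distinction requested above, seen from the client side, as an added example that is not part of the original thread and not Reckon's code: a triage helper that re-authenticates only on 401 and reads the "message" field from the 403 body shown in the admin response. The names ApiFailure and classify_failure are hypothetical, and the sample responses are constructed.

```python
import json
from dataclasses import dataclass


@dataclass
class ApiFailure:
    kind: str                 # "auth", "permission" or "other"
    retry_after_reauth: bool  # True only when new credentials could help
    detail: str               # server-supplied message, if any


NO_MESSAGE = "no error message in response"


def classify_failure(status: int, body: str) -> ApiFailure:
    """Triage a non-2xx API response for an error tracker or retry policy."""
    detail = ""
    try:
        parsed = json.loads(body) if body.strip() else {}
        if isinstance(parsed, dict):
            detail = str(parsed.get("message", ""))
    except json.JSONDecodeError:
        detail = ""  # non-JSON error body: fall back to the status code alone

    if status == 401:
        # Credentials missing, expired or rejected: a token refresh may help.
        return ApiFailure("auth", True, detail or NO_MESSAGE)
    if status == 403:
        # Authenticated but not allowed, e.g. the module is inactive for the
        # book. Re-authenticating cannot fix this, so never loop on refresh.
        return ApiFailure("permission", False, detail or NO_MESSAGE)
    return ApiFailure("other", False, detail)


# Constructed samples; the JSON 403 body matches the admin response above.
SAMPLES = [
    (401, ""),
    (403, '{"message": "User does not have permission to access this '
          'resource.", "code": 403}'),
    (403, "<html>Forbidden</html>"),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, classify_failure(status, body))
```
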