Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "status codes"
-
Me: GET /sleep
Baby: 307 Temporary Redirect
Baby: 204 No Content
Me: 200 OK
Me: GET /sleep
Baby: 307 Temporary Redirect
Baby: 413 Payload Too Large
Me: 102 Processing
Me: 200 OK
Me: GET /sleep
Baby: 307 Temporary Redirect
Baby: 444 Connection Closed Without Response
Me: 200 OK
Me: GET /sleep
Baby: 307 Temporary Redirect
Baby: 444 Connection Closed Without Response
Me: 429 Too Many Requests
Me: GET /sleep
Baby: 307 Temporary Redirect
Me: 101 Switching Protocols
Me: 408 Request Timeout
GF: 102 Processing
Me: GET /sleep
Sleep: 404 Not Found
Me: 406 Not Acceptable
(Morning)
Me: 501 Not Implemented19 -
Dear nerds from all over the world,
We get it. 404 pics are funny.
But did you know there other status codes too?
Like...
204 - No Response
301 - Moved
302 - Found
400 - Bad request
401 - Unauthorized
402 - Payment Required
403 - Forbidden
501 - Not Implemented
502 - Service Temporarily Overloaded
I'm sure you'll also find funny situations with these.
Thanks. We're the best!26 -
So, here's how online payment works in my country:
1. The selling website creates a hidden <form> and populates it with product ID, price and etc.
2. Some Javascript posts the mentioned form to the bank from the browser.
3. User enters credit info, and submits. If all is right, the bank creates another hidden <form>, and populates is with status code and an invoice ID.
4. Said form is then posted back to the selling website.
I don't know how the programmers behind this scenario call themselves programmers if they don't know basic things about server-side only verifications, but thanks to them I've been buying a lot of products for free these past years. 😂😂
How? 1. Just install Requestly, Tampermonkey and enable Chrome's dev tools.
2. Change price to zero, and the bank's response code to success.
3. Profit!
P. S. I have notified the people behind this, but they don't listen and go fix their codes. Oh well, serves them right.13 -
It's maddening how few people working with the internet don't know anything about the protocols that make it work. Web work, especially, I spend far too much time explaining how status codes, methods, content-types etc work, how they're used and basic fundamental shit about how to do the job of someone building internet applications and consumable services.
The following has played out at more than one company:
App: "Hey api, I need some data"
API: "200 (plain text response message, content-type application/json, 'internal server error')"
App: *blows the fuck up
*msg service team*
Me: "Getting a 200 with a plaintext response containing an internal server exception"
Team: "Yeah, what's the problem?"
Me: "...200 means success, the message suggests 500. Either way, it should be one of the error codes. We use the status code to determine how the application processes the request. What do the logs say?"
Team: "Log says that the user wasn't signed in. Can you not read the response message and make a decision?"
Me: "That status for that is 401. And no, that would require us to know every message you have verbatim, in this case, it doesn't even deserialize and causes an exception because it's not actually json."
Team: "Why 401?"
Me: "It's the code for unauthorized. It tells us to redirect the user to the sign in experience"
Team: "We can't authorize until the user signs in"
Me: *angermatopoeia* "Just, trust me. If a user isn't logged in, return 401, if they don't have permissions you send 403"
Team: *googles SO* "Internet says we can use 500"
Me: "That's server error, it says something blew up with an unhandled exception on your end. You've already established it was an auth issue in the logs."
Team: "But there's an error, why doesn't that work?"
Me: "It's generic. It's like me messaging you and saying, "your service is broken". It doesn't give us any insight into what went wrong or *how* we should attempt to troubleshoot the error or where it occurred. You already know what's wrong, so just tell me with the status code."
Team: "But it's ok, right, 500? It's an error?"
Me: "It puts all the troubleshooting responsibility on your consumer to investigate the error at every level. A precise error code could potentially prevent us from bothering you at all."
Team: "How so?"
Me: "Send 401, we know that it's a login issue, 403, something is wrong with the request, 404 we're hitting an endpoint that doesn't exist, 503 we know that the service can't be reached for some reason, 504 means the service exists, but timed out at the gateway or service. In the worst case we're able to triage who needs to be involved to solve the issue, make sense?"
Team: "Oh, sounds cool, so how do we do that?"
Me: "That's down to your technology, your team will need to implement it. Most frameworks handle it out of the box for many cases."
Team: "Ah, ok. We'll send a 500, that sound easiest"
Me: *..l.. -__- ..l..* "Ok, let's get into the other 5 problems with this situation..."
Moral of the story: If this is you: learn the protocol you're utilizing, provide metadata, and stop treating your customers like shit.22 -
Business idea: panties with HTTP status codes printed on them.
451 for our underaged customers - unavailable for legal reasons
411 to crush a man's self esteem - Length required
429 for girls with stalkers - too many requests
402 for our professional customers - payment required
And, of course, 202 - Accepted22 -
I AM GOING TO PERSONALLY MURDER WHICHEVER SHITBRAINED INCOMPETENT MONKEY THOUGHT IT'D BE A GOOD IDEA TO RESPOND TO ANY AND ALL API ERRORS BY SENDING A RESPONSE WITH THE STATUS CODE 200 AND A BODY OF THE FUCKING STRING "error" AND NOTHING ELSE
WHY?!!?!?!??!7 -
What's the point of using a framework if you don't use any of its features!? What the heck, I have to fix this damn web frontend that is so broken in many ways.
Instead of using an authentication middleware, every single view has the same block of code to check if a user is authenticated. Instead of templates, they used static HTML/JavaScript files and they passed data to pages through cookies.
The "REST" API is so messed up, nothing is resource-oriented, HTTP methods are chosen randomly as well as status codes. They are returning "412 Precondition Failed" instead of a plain simple "401 Unauthorized" when you're not authenticated! What the hell, did they even bother to check what 412 is about when they copied and pasted it from a crappy website!? I would never come up with 412, not even in my scariest nightmare.
What kind of drugs were they using when they wrote such code? Oh dear, I need a vacation...2 -
Senior colleagues insisting on ALWAYS returning HTTP status 200 and sticking any error codes in the contained JSON response instead of using 4×× or 5×× statuses.
Bad input? Failed connections? Missing authorization? Doesn't matter, you get an OK. Wanna know if the request actually succeeded? Fuck you, parse potential kilobytes of JSON to get to the error code!
Am I the asshole or is that defeating the purpose of a status code?!14 -
Front end guy: Somethings wrong with your server. My app is crashing.
* proceed to check logs. Everything fine
Me: Ok send me a log, a printscreen something. What calls do you make?
*send a printscreen with a failling 404 request
* You dense motherfucker learn your fucking http status. They are there for a reason😤3 -
Argh! What are HTTP status codes for if you're not using them in your API implementation?!
Fucking morons!15 -
So at the moment I'm developing a RESTful API for an internal project at work and I'm starting to learn and understand about HTTP status codes.
So I started incorporating proper response HTTP status etc, but my co-workers don't understand what any of it means. They think that just sending a JSON response is enough with any messages should be enough. I think this mindset stems from people who just do simple AJAX calls in JavaScript just to get or store data.
It's these kind of developers that I find are lazy or have no motivation to improve themselves, which is disappointing.5 -
At work today I met an api that redefines http status codes to mean something else. Naturally this makes integrating between systems a whole thing when system a keeps spitting out 207 and system b will not accept anything other than 200. Thanks for nothing. WHY WOULD ANYONE EVER WANT TO DO THAT THO? there's just no good reason to.
Anyway hens how r yous?, hope you're all doing well and that your coffee is as strong and black as the void <36 -
RFC for 700 HTTP Status Codes
https://github.com/joho/7XX-rfc
o 703 - Explosion
o 728 - It works in my timezone
o 732 - Fucking Unic💩de
o 791 - The Internet shut down due to copyright restrictions
o 797 - This is the last page of the Internet. Go back3 -
*follow-up to https://devrant.com/rants/1887422*
The burnt remnants of my ID card's authentication information, waiting for the wind to come pick it up. It's stored in my password database now and committed to my git server, as it should be. Storing PIN and PUK codes on paper, whatever government cunt thought thought that that was a good idea...
If you've got identification papers containing authentication information like PIN and PUK codes, by all means add them to your password manager (if you're using Linux, I'd like to recommend GNU Pass) at once and burn the physical version. There's no reason why you'd want those on paper, unless you store your passwords on a post-it too.
At least that's as much as me and possibly you as citizens can do. Our governments are doomed anyway, given the shitty security policy they have, and likely the many COBOL mainframes still in use today. Honestly, the meddlings of Russia with the US elections doesn't seem too far-fetched, given this status quo. It actually surprises me that this kind of stuff doesn't happen more often, given that certain governments hire private pentesters yet can't secure their own infrastructure. -
That moment when returning correct HTTP status codes from an API become a feature request 😒
For the meantime I will need to deal with endpoints returning status 200 for everything, and status 500 when the service crash. 🤦🏼♂️4 -
!Rant #motivation #hugeProject
Yesterday i started a new app and i designed some of it but classes i coded will speed up the whole coding of other parts .
Anyways today i needed to work on the server side of the project and when i was working on setting up the databases structures i realized how big is this project (it uses like 3 APIs) so i was unmotivated because its a side project and it takes alot of time and overall it dont worth it and even app may fail or may be successful.
So i said i dont care about how it will turn out
Im gonna do it , and im gonna do it right now
So i did now its 6 am and the server part is almost finished ! 75% done .
It was a secure login system and signup with verifications and more security stuff and the codes that provide the server status and most of the user parts . And some of the features of the app .
The most hard thing remaining is to setup the in app purchases and the APIs .
So if you see a project that is huge .
Dont give up . Just do it as long as you can
And you will see how much you progress !
And the huge project will be a big project ;)
Then a normal project , then a tiny project :P
Good night1 -
There's this Senior Developer here at the company I work for, and every single project he works on (usually APIs), the return status codes are always 400 when there is an error.
How do I tell him there are over 60 status codes?2 -
So i found this the other day and thought i would share it with you.
It's a collection of short little songs inspired by HTTP status codes.
Neat idea but is a little rough around the edges.
https://thingsinjars.bandcamp.com/a...1 -
Hi guys!
I never thought that this day will come, be here is my first rant with a big dose of frustration.
So, I'm working on the API team of one of ower products and a coworker that works on the webapp has a lot of problems (don't want to be mean, but he has problems like 'i can't catch a 404 http status, please send a 200 with a message' ) and he always go and wines about the API and that he can't do his job because the API is faulty...
But it is not the case, every functionality of the API is well tested and it works as it should.
So, tonight I was the only one left from my team and the project manager comes and
starts asking me about why I am returning http status codes with all my responses, how the login works and other stuff like that...
Just wasted more than an hour to prove that all the code that I wrote works as expected...1 -
SO MAD. Hands are shaking after dealing with this awful API for too long. I just sent this to a contact at JP Morgan Chase.
-------------------
Hello [X],
1. I'm having absolutely no luck logging in to this account to check the Order Abstraction service settings. I was able to log in once earlier this morning, but ever since I've received this frustratingly vague "We are currently unable to complete your request" error message (attached). I even switched IP's via a VPN, and was able to get as far as entering the below Identification Code until I got the same message. Has this account been blocked? Password incorrect? What's the issue?
2. I've been researching the Order Abstraction API for hours as well, attempting to defuddle this gem of an API call response:
error=1&message=Authentication+failure....processing+stopped
NOWHERE in the documentation (last updated 14 months ago) is there any reference to this^^ error or any sort of standardized error-handling description whatsoever - unless you count the detailed error codes outlined for the Hosted Payment responses, which this Order Abstraction service completely ignores. Finally, the HTTP response status code from the Abstraction API is "200 OK", signaling that everything is fine and dandy, which is incorrect. The error message indicates there should be a 400-level status code response, such as 401 Unauthorized, 403 Forbidden or at least 400 Bad Request.
Frankly, I am extremely frustrated and tired of working with poorly documented, poorly designed and poorly maintained developer services which fail to follow basic methodology standardized decades ago. Error messages should be clear and descriptive, including HTTP status codes and a parseable response - preferably JSON or XML.
-----
This whole piece of garbage is junk. If you're big enough to own a bank, you're big enough to provide useful error messages to the developers kind enough to attempt to work with you.2 -
I wrote an algorithm that incorporates a 3rd party API. and the algorithm is so fast and optimized that I started to get 429 status codes from the third party API, asking me to slow down my requests, which I didn't think was an issue when I tested on local env.
Now I'm on purpose slowing down my code, to prevent that from happening.
Talk about suffering from success.8 -
So I'm working on a project that relies on Google apis specifically Maps. What I just found out blew my mind. The company that writes documents about how you should return correct status codes doesn't return correct status codes. If I send a request with a proper API key, I get a 200 okay back. If I send a request with an invalid API key, I also get it 200 okay back2
-
I reported to our team leader (who is not a developer) that me and my colleague has been having problems with our senior developer whose codes are unmaintainable and messy. I told the team lead that I am losing my trust towards my senior developer and that his codes are messy and not following the coding standards. I was nervous at first because this certain team leader is tight with the senior dev. But still, I expected the team lead to be objective.
I was surprised because the team lead asked me if 'I was perfect' and then the team lead continued to shift the conversation towards me. Team lead then started to compare me with the senior dev which is unfair because I've only been working for 2 years whereas the senior developer has been doing this for 6+ years. Team lead said that I was arrogant. Team lead sent our convo to the other teammates and friends. Team lead told me that I am such a baby.
Fast forward, the senior dev talked to me. Told me that he was busy so he didn't get to improve his codes. Which I dont buy because I often see his discord status as playing during work hours. Told me that it wasnt him. Which I dont know if i should believe since he always lies. Told me that his knowledge is outdated. Told me that maybe because I came from a good university and he did not. He apologized and told me he will improve. Sounds good right?
It's a lie. Because then my friend gave me a recording of his voice ranting about me after our talk. In that recording, he said that I have nothing to prove so I dont get a say. He said that he doesnt care about me. He said that I am cocky. Which I dont understand. I only commented abt his work, why is he attacking me personally? Plus, if someone new like me already already noticed the flaws in his work, what does that say about his skill?
My teammates then asked me to just take the fall lol take note that these teammates were also complaining about this senior dev. they asked me to just give them what they wanted to hear. That I am the one who's wrong and the bosses are right. I said I wanted to defend myself but they hated me for that. They told me to think about what would happen to them. They told me I am selfish. Is it selfish for wanting to defend myself?
I defended myself. I told the senior dev that my intentions are for the right reason. He told me he understands. Later that day, a friend told me he talked behind my back again.
Senior dev told me that the team leader cried because of the words I said. Which i found confusing because it was my own feeling, my own opinion that i am losing trust with this certain senior dev so why would the team lead be so affected by that? Also, i showed our convo to the most objective people i know and they said that i didnt say anything that is offensive nor arrogant I have no control as to how people would react to the words I say. It's beyond me.
I feel so helpless. I told those things to the team lead because I think a team should be open to each other but I was blown out of proportion instead. My friend told me that the team lead and the senior dev are still talking behind my back.
If they do this every time someone tries to speak up, will they ever grow?24 -
I was reviewing a Pull Request recently and there was this line
`return josn(202, 'Record does not exists')`
I told the developer that, status code and description does not match.
He just did not want to accept that he was wrong and told me that, since this function is not exposed to public, it does not matter.
Whats wrong in accepting that you are wrong. We do make mistakes, consciously or unconsciously. Huur. I regretted reviewing his codes there after.5 -
A new development rule I've started to implement:
All backend APIs will be written with the assumption that it's gonna get distributed as an API for 3rd parties to be integrated in their systems - meaning that every API I write will have proper response status codes for appropriate scenarios (like 400, 429, 500 status codes).
No more `res.json({status: false, message: 'message'})` with 200 status code across the board.9 -
I think UPS' Api documentation and service must be the worst documented and build API I have ever seen from a corporate.
1. The developer website is a mess. A total mess. You can barely find the API type you are looking for.
2. When you get the API and download the documentation, the files, .pdf etc is still a mess. Pages long that most are craps.
3. Each request returns Status Code 200. Even if it is an error. This blew my mind.
4. Each request, based on error type or based on tracking activity returns different JSON schema.
For example, the JSON Schema for a shipment in transit is different from JSON schema for a shipment that has been delivered. A shipment that has been returned, a shipment that required signature etc. They are different from each other.
5. And the worst. They do not provide with test tracking codes. I have found some on internet, but they do not work in development and production environment.4 -
Change code here, 500
Revert and change code there, 403
Revert and change code at both the places, 404
Revert and have a Potato -
I once had to write a feature, which should allow the user to login and edit an appointment, which was automatically set. All the data we got, came from an incredibly unreliable API. And with incredible unreliable I mean like heisenbug-level unreliable.
The API spoke perfectly unreadable xml and was a horror to work with.
After a few weeks of me being messed with by this shit piece of an API, I finally got something which did kind of work sometimes.
Proper error handling has been added later and just before I was done, fixing all the flaws of their data management and nonsense status codes (not http status codes) which rarely correlated in at least some way with their data, our client said "scrap this, we don't want it anymore"
Many hours and effort gone, this thing worked almost perfectly. -
I thought CNN.com must be either down altogether or hobbling under a DDoS when I got a 503 error from http://cnn.com/2010/CRIME/.... But the main page and a recent story worked fine, so the site clearly wasn't overloaded or down. The 503 was just a 404 in disguise! Webmasters, please call a spade a spade.3
-
Do you guys return 200 when a search function in your API returns a not found and you attach a response in the object saying "success: false", or do you return 404? I'm confused. Thanks.
https://softwareengineering.stackexchange.com/...3 -
Python 3.9:
Cool New Features for You to Try
String Prefix and Suffix.
Type Hint Lists and Dictionaries Directly.
Topological Sort.
Greatest Common Divisor (GCD) and Least Common Multiple (LCM)
New HTTP Status Codes.
Removal of Deprecated Compatibility Code.2 -
I'm just testing out some code for Spring Boot with Spring web. Whilst inspecting Spring's HttpStatus enum I suddenly realized there are a lot more HTTP status codes than I had estimated. I knew there were many, but woah that's a lot.
Check it:
https://en.wikipedia.org/wiki/...
On a side note, it really helps to debug work stuff at home. More concentration, more time and such.
Fun fun.4 -
Hire are a few tips to up productivity on development which has worked for me:
1) Use a system of at least 16gb ram when writing codes that requires compilation to run.
2) Test your code at most 3 times within an hour. This will combat the bad habit of practically checking changes on every new block you write.
3) Use internet modem in place of mobile hotspot and keep mobile data switched off. This will combat interruptions from your IM contacts and temptations to check your WA status update when working.
4) Implementation before optimisation... This is really important. It's tempting to rewrite a whole block even when other task are pending. If it works just leave it as is and move on to the next bull to kill, you can come back later to optimise.
5) Understand that no language is the best. Sometimes folks claim that PHP is faster than python. Okay I say but let's place a bet and I'll write a python code 10 times faster than your PHP on holiday. Focus more on your skill-set than the language else you'd find yourself switching frameworks more than necessary.
6) Check for existing code before writing an implementation from scratch... I bet you 50 bucks to your 10 someone already wrote that.
7) If it fails the first and then the second time... Don't try the third, check on StackOverflow for similar challenge.
8) When working with testers always ask for reproducible steps... Don't just start fixing bugs because sometimes their explanation looks like a bug when other times it's not and you can end up fixing what's never there.
9) If you're a tester always ask for explanations from the dev before calling a bug... It will save both your time and everybody's.
10) Don't be adamant to switching IDE... VSCode is much productive than Notepad++. Just give it a try an see for yourself.
My 10 cents.1