FuelPHP Forums

error handling in Controller_Rest
  • Hi,
    Sorry if this was asked before.

    I have a class extending Controller_Rest in which I want to implement a method that will have to validate received data/inputs before I use them to fill a DB table. What is the best practice? Shall I just: throw new Exception('some reason'), redirect to 404 or something else? I want the client (JAVA application that will call this method) to be notified properly.

    Thanks in advance
  • You can't redirect in a REST transaction, you need to return a response.

    Common practice is to use the HTTP status to signal the result type, such as 200 being a valid response, 204 for no data in result, 405 for invalid function called, 406 for invalid data response, 404 for a not found and 403 for an access denied.

    For invalid input (i.e. posted data doesn't validate), both 400 and 409 are used, depending on the situation.

    In all cases, the result body can then have a JSON structure containing additional information, in the case of a failed validation for example the fieldname and the error message.

    I can recommend https://leanpub.com/build-apis-you-wont-hate if you're looking for in-depth info.
  • So basically, I always need to finish a REST method with a proper (JSON) structure (error code + desc) which can (will) be analyzed by the caller?

    Also, can you point me where to find how to prevent unauthorized users from executing REST requests in FuelPHP?

    Thanks for the response and recommendation (I will take a peek ;))
  • Harro
    Accepted Answer
    There are several methods available, so it depends how your application is designed.

    By default, a REST controller supports basic auth and digest auth (http authentication) using username and password. If you want something else, you can define a custom 'auth' method, and in there you can do what you want.

    Some work stateless (and authenticate at every request), some use the Auth package, and deal with REST the same as with authenticated online users, some have separate authentication, but do use the session to maintain state, and some use external authentication (like OAuth2), and only pass tokens.

    And some don't think that is secure enough, and don't use REST at all, but go for SOAP and WSSE.
  • Thank you very much
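
The pattern described in the replies above (an HTTP status code plus a JSON body naming the failed fields) could look like this in a FuelPHP REST controller. This is an added example, not code from the thread or from FuelPHP itself; the controller name, the `users` table and both fields are hypothetical, and it assumes the client sends a form-encoded POST.

```php
<?php
// Added example: Controller_Api_Users, the `users` table and both fields are hypothetical.
class Controller_Api_Users extends Controller_Rest
{
    // Always answer in JSON so the client can parse success and error bodies alike.
    protected $format = 'json';

    public function post_create()
    {
        $val = Validation::forge();
        $val->add_field('username', 'Username', 'required|min_length[3]|max_length[50]');
        $val->add_field('email', 'Email', 'required|valid_email');

        // Assumes a form-encoded POST; pass Input::json() instead for a JSON body.
        if ( ! $val->run(Input::post()))
        {
            $errors = array();
            foreach ($val->error() as $field => $error)
            {
                $errors[$field] = $error->get_message();
            }
            // 400: the posted data did not validate; name each failed field.
            return $this->response(array('error' => 'validation_failed', 'fields' => $errors), 400);
        }

        try
        {
            // Insert only the validated fields, never the raw input array.
            list($id) = DB::insert('users')->set($val->validated())->execute();
        }
        catch (Database_Exception $e)
        {
            // Keep the database detail in the server log, not in the response body.
            Log::error('users insert failed: '.$e->getMessage());
            return $this->response(array('error' => 'server_error'), 500);
        }

        return $this->response(array('id' => $id), 200);
    }
}
```

The client can branch on the status code first and read the `fields` map only when it receives a 400.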
