When a request is made correctly, the API responds with status 200; otherwise it responds with a different status. To make this clearer, here are the statuses a request can return:
200 -- Success
400 -- Bad request
401 -- Unauthorized
500 -- Internal server error
A 400 response returns a JSON body with error: true and result: []. In result, we return an array of messages with the detail of the error or errors. Example: trying to authenticate with a wrong email or password.
{
  "error": true,
  "result": [
    "Incorrect user or password."
  ]
}
A 401 error is usually the response to a request that requires authentication or a certain access level, such as trying to access administrator requests with customer-level access.
Example 1:
API keys can only be created by business owners and administrators. Suppose we try to call an API endpoint that requires an API key as a user of type customer.
Example 2:
We try to access an API endpoint that is exclusive to administrators using the business owner API key.
Example 3:
If you are building a Store Front, you use bearer tokens instead of API keys to identify the user level. A customer-level bearer token is used to request an API endpoint that is exclusive to administrators or business owners.
The response would be the following:
{
  "error": true,
  "result": [
    "You do not have permission."
  ]
}
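One way a client can consume the status codes and the error/result envelope described above. This is an added example, not code from the API or its SDK: the names parse_response and ApiError are hypothetical, and it assumes a successful response carries "error": false, which this page does not show.

```python
import json

# Status codes and meanings as listed on this page.
STATUS_MEANING = {200: "Success", 400: "Bad request",
                  401: "Unauthorized", 500: "Internal server error"}


class ApiError(Exception):
    """Any response that is not a clean success (hypothetical helper)."""

    def __init__(self, status, messages):
        self.status = status
        self.meaning = STATUS_MEANING.get(status, "Unexpected status")
        self.messages = messages
        super().__init__(f"{status} {self.meaning}: {'; '.join(messages)}")


def parse_response(status, body):
    """Return `result` on success, raise ApiError otherwise.

    Fails closed: a 200 whose body says error=true, or a body that is not
    the error/result envelope, is treated as a failure instead of trusted.
    """
    try:
        envelope = json.loads(body)
    except (TypeError, ValueError):
        raise ApiError(status, ["Response body is not valid JSON."]) from None
    if not isinstance(envelope, dict) or "error" not in envelope:
        raise ApiError(status, ["Response is missing the error/result envelope."])

    result = envelope.get("result")
    # Assumption: success is status 200 together with "error": false.
    if status == 200 and envelope["error"] is False:
        return result
    # On errors `result` is an array of messages; coerce anything else
    # to strings so the caller can always log or display it.
    messages = result if isinstance(result, list) else [result]
    details = [str(m) for m in messages if m is not None]
    raise ApiError(status, details or ["No error detail returned."])


if __name__ == "__main__":
    # 401 body as shown on this page.
    body = '{"error": true, "result": ["You do not have permission."]}'
    try:
        parse_response(401, body)
    except ApiError as exc:
        print(exc)
```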