Question 15 of 15 · Difficulty: hard · Type: Application
REST API - HTTP Status Codes
You are designing a REST API for a file storage service. A user tries to access a file:
GET /files/123

The user is logged in but does not own the file. Which status code should your API return and why?
A. 401 Unauthorized, because the user must re-authenticate to access the file.
B. 403 Forbidden, because the user is authenticated but not allowed to access this file.
C. 404 Not Found, to hide the existence of the file from unauthorized users.
D. 500 Internal Server Error, because the server cannot process the request.
Step-by-Step Solution
Solution:
  1. Step 1: Separate authentication from authorization

    The user is logged in, so authentication has already succeeded. Whether this user may read file 123 is a separate, per-object authorization decision: the server must check ownership of this specific file on every request, not merely whether a session exists (skipping that check is the classic broken object-level authorization bug). The user does not own the file, so authorization fails.
  2. Step 2: Choose the status code for a failed authorization check

    401 Unauthorized means the request carries no valid credentials; a 401 response must include a WWW-Authenticate challenge, and clients react to it by prompting for login or refreshing tokens. 403 Forbidden means the server knows who the client is and understood the request, but refuses to authorize it, so re-authenticating will not help. A logged-in user without permission is exactly the 403 case.
  3. Final Answer:

    403 Forbidden, because the user is authenticated but not allowed to access this file. -> Option B
  4. Quick Check:

    Logged in + no permission = 403 Forbidden [OK]
Quick Trick: Logged in but no access? Return 403 Forbidden [OK]
Common Mistakes:
  • Returning 401 when the user is already logged in. 401 is for missing or invalid credentials; a client that re-authenticates in response still has no permission, so the error never resolves.
  • Reaching for 404 instead of 403 to hide the resource. The question asks which code denies access, and that is 403. Answering 404 for a forbidden resource is a separate, deliberate design decision (RFC 9110 explicitly permits it) for cases where confirming that /files/123 exists would itself leak information, and it only works if the forbidden and missing cases return identical responses.
  • Confusing a 500 error with a permission issue. 500 means the server failed to process the request, not that it refused it.
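The decision sequence from the solution steps and the common-mistakes list, written out as one request handler. This is an added example, not code from the quiz page; it uses in-memory session and file tables with made-up tokens, user names and file 123 so it runs offline without a web framework. The `hide_existence` flag models the deliberate 404-instead-of-403 policy discussed above; by default the handler returns 403.

```python
"""Status-code decision for GET /files/{id} in a file-storage API.

Constructed example (not the quiz page's code). The session table,
file table, tokens and user names below are all made up so the
handler can run offline without a web framework.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed fixtures: bearer token -> user id, file id -> metadata.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
FILES = {"123": {"owner": "alice", "name": "report.pdf"}}


@dataclass
class Response:
    status: int
    reason: str
    headers: dict = field(default_factory=dict)
    body: dict = field(default_factory=dict)


def get_file(session_token: Optional[str], file_id: str,
             hide_existence: bool = False) -> Response:
    """Decide the response for GET /files/<file_id>.

    Order matters: authenticate first (401), then locate the object,
    then check object-level authorization against *this* file (403).
    Being logged in is never enough on its own.
    """
    # 1. Authentication. No valid session -> 401, and RFC 9110 requires
    #    a WWW-Authenticate challenge on every 401 response.
    user = SESSIONS.get(session_token) if session_token else None
    if user is None:
        return Response(401, "Unauthorized",
                        {"WWW-Authenticate": 'Bearer realm="files"'},
                        {"error": "authentication required"})

    # 2. Locate the object. A genuinely missing file is a plain 404.
    record = FILES.get(file_id)
    not_found = Response(404, "Not Found", {}, {"error": "no such file"})
    if record is None:
        return not_found

    # 3. Object-level authorization: the caller must own this file.
    if record["owner"] != user:
        if hide_existence:
            # Deliberate policy: answer exactly as for a missing file so
            # that a non-owner cannot tell whether /files/123 exists.
            return not_found
        # Default: the server knows who you are and still refuses.
        return Response(403, "Forbidden", {},
                        {"error": "you do not have access to this file"})

    # 4. Authenticated and authorized.
    return Response(200, "OK", {"Content-Type": "application/json"},
                    {"id": file_id, "name": record["name"]})


if __name__ == "__main__":
    for token in (None, "tok-bogus", "tok-bob", "tok-alice"):
        r = get_file(token, "123")
        print(f"token={token!r:12} -> {r.status} {r.reason}")
    r = get_file("tok-bob", "123", hide_existence=True)
    print(f"bob with hide_existence -> {r.status} {r.reason}")
```

Note that with `hide_existence=True` the handler reuses the same `not_found` response object for both the missing and the forbidden case; if the two responses differed in body, headers or timing, the 404 would no longer hide anything.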
