Application question 8 of 15 (difficulty: hard)
REST API - HTTP Status Codes
You are designing an API that requires users to login before accessing certain data. If a user sends a request without any authentication token, what should your API return? And what if the user sends a valid token but tries to access admin-only data?
A. Return 200 OK for missing token, 401 Unauthorized for admin data access
B. Return 403 Forbidden for missing token, 401 Unauthorized for admin data access
C. Return 404 Not Found for missing token, 403 Forbidden for admin data access
D. Return 401 Unauthorized for missing token, 403 Forbidden for admin data access
Step-by-Step Solution:
Step 1: Handle a missing authentication token
A request with no token has not been authenticated at all, so return 401 Unauthorized. Despite its name, 401 means "not authenticated": RFC 9110 requires the response to carry a WWW-Authenticate header telling the client how to authenticate. A token that is present but invalid or expired is also a 401, because the client's remedy is to authenticate again.
Step 2: Handle a valid token without sufficient permission
The user is authenticated but lacks permission for the admin-only data, so return 403 Forbidden. Re-sending the request with the same credentials cannot succeed, so no WWW-Authenticate challenge is sent.
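The two steps above as a minimal access check, written as an added example for this page rather than code from any framework. The in-memory token store, the Request/Response structures and the check_access function are assumptions for illustration; a real API would verify a signed token or consult a session store. The example also covers the case the question does not ask about, a token that is present but unknown, which is still an authentication failure (401), not an authorization failure (403).

```python
"""Added example: mapping authentication vs. authorization failures to 401 vs. 403."""
from dataclasses import dataclass, field
import hmac

# Constructed token store for the example: bearer token -> (user, roles).
# Hypothetical data; a real API would validate a signed JWT or look tokens up.
TOKENS = {
    "tok-alice-7f3a": ("alice", {"user"}),
    "tok-bob-91c2": ("bob", {"user", "admin"}),
}


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def _lookup_token(token: str):
    """Compare against every stored token in constant time, so response
    timing does not reveal how many leading bytes of a guess were right."""
    for stored, principal in TOKENS.items():
        if hmac.compare_digest(stored.encode(), token.encode()):
            return principal
    return None


def check_access(request: Request, required_role: str) -> Response:
    auth = request.headers.get("Authorization", "")
    scheme, _, token = auth.partition(" ")

    # Step 1: no credentials (or not a Bearer token) -> 401.
    # RFC 9110 requires a WWW-Authenticate challenge on every 401.
    if scheme.lower() != "bearer" or not token:
        return Response(401, {"WWW-Authenticate": 'Bearer realm="api"'},
                        "authentication required")

    principal = _lookup_token(token)
    # Credentials present but unusable is still an authentication failure:
    # 401 again, with the RFC 6750 error code, not 403.
    if principal is None:
        return Response(401,
                        {"WWW-Authenticate": 'Bearer realm="api", error="invalid_token"'},
                        "invalid token")

    user, roles = principal
    # Step 2: authenticated but lacking the required role -> 403.
    # Re-authenticating cannot help, so no challenge header is sent.
    if required_role not in roles:
        return Response(403, {}, f"{user} may not access {request.path}")

    return Response(200, {}, f"hello {user}")


if __name__ == "__main__":
    for hdrs in ({},
                 {"Authorization": "Bearer bogus"},
                 {"Authorization": "Bearer tok-alice-7f3a"},
                 {"Authorization": "Bearer tok-bob-91c2"}):
        r = check_access(Request("/admin/users", hdrs), "admin")
        print(r.status, r.headers, r.body)
```

Run directly, the four requests produce 401, 401, 403 and 200 in that order: the first two need the client to (re)authenticate, the third is a permission problem, the last succeeds.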
Final Answer:
401 for missing token, 403 for forbidden access -> Option D
Quick Check:
Missing token = 401, no permission = 403 [OK]
Quick Trick: 401 for no login, 403 for no permission [OK]
Common Mistakes:
Swapping 401 and 403
Using 404 for auth errors (deliberately answering 404 to hide that a forbidden resource exists is a conscious information-hiding choice that RFC 9110 permits, but it is not a substitute for 401/403 in the general case)
Returning 200 for errors