Actually a 200 is sent. But with a text status field indicating incorrect password
If you click on the response schema u see the 200 section, you will see what I mean
03/27/2022, 4:31 PM
Oh haha, sounds good, thanks. Wouldn't it be better to send one of the standard response codes(maybe a 403 Forbidden might be okay in order to not clash with the invalid api key one) to avoid confusion though?
03/27/2022, 4:34 PM
Well, we have two types of errors:
- expected errors
- unexpected errors
expected errors are the ones where it's the end users "fault" and in that case the code should handle it according to that by displaying a nice message to the user.
Unexpected errors as usually due to coding or infra related issues. In this case, showing a generic "something went wrong" to the end user is what's needed and the message (if any) is for the dev to debug the issue.
So to make this clear, we kept expected errors as 200 status code. I know it's a little unconventional, but it allows us to communicate the intended affect of the error more easily.
03/27/2022, 4:37 PM
Ah, makes sense. Thank you! (and also thank you for the quick response time :o)