https://supertokens.com/ logo
s

segidev

06/30/2022, 2:29 PM
Hello, why does signup respond with a 200 in case an email already exists?
r

rp

06/30/2022, 2:32 PM
Hey! Good question. This has got to do with distinction of error types: 1) User, expected errors (yielding 200 response) 2) Unexpected errors Essentially, (1) is a valid user flow that results in a non successful response. But it's still a valid user input, so you want to display some UI to the user explaining what just happened Whilst (2) is asomething like the db going down (500 http code), or a bad input (required input fields in JSON body missing - 400 response) etc..
So usually, a non 200 http code should display a generic "Something went wrong" error to the user.
s

segidev

06/30/2022, 2:33 PM
Ok so i got the same when forgetting to input email to the /signup
r

rp

06/30/2022, 2:34 PM
well, cause in this API, the input is of type formField: [{id: string, value: string}]. If you call it without the formField array, it will give back 400
s

segidev

06/30/2022, 2:36 PM
Is there a way to change this?
I would very much prefer to have 4xx codes
It is definitely discussible but i am not a fan of returning "EVERYTHING OKAY" although it is not you know 🙂
r

rp

06/30/2022, 2:37 PM
Yes. There is, but it would require you to override the API and return your own response. Checkout the advanced customisation section of the recipe docs.
That being said, this API is an edge case.. we should probably be returning a 400 error in the example you did above. Will open an issue about it
Finally, I would recommend you to keep it the way it is, cause IMO, it makes it easier to know what to do based on a response. For example, if you have a GET user API, and that returns a 404, does that mean that the API doesn't exist, or that the user doesn't exist?
Anyhow, this is debatable for sure. You can send back your own responses (and hence status codes) for the APIs by overriding them.
s

segidev

06/30/2022, 2:42 PM
I see your point although i would expect to have an API with a documentation that shows me which routes are available
I have just one more question when you talk about an edge case
r

rp

06/30/2022, 2:43 PM
> i would expect to have an API with a documentation that shows me which routes are available You can see the schema of the response in the swagger docs which shows you all the possible outputs.
s

segidev

06/30/2022, 2:43 PM
Usually request libraries like Axios etc. throw an exception when a 4xx or 5xx error responds. In this case it wouldn't happen so you always have to test the body instead of relying to "WORKED", "DIDNT WORK"
r

rp

06/30/2022, 2:44 PM
Yea. And that's intentional. Cause if a wrong credential error gave a 400 response, axios would throw an error, and people would end up displaying a generic "something went wrong" message. As opposed to here, where we are forcing people to check the status type and so they know the different types of messages that they need to show to the end user.
s

segidev

06/30/2022, 2:45 PM
But you could simply respond a 400 or 401 with the same body?
And this can be catched and the body read and a proper message displayed
r

rp

06/30/2022, 2:46 PM
it can be caught and the body read. But in my exp, several people forget to read the body after catching.. people even forget to catch several times.
Hence this choice
s

segidev

06/30/2022, 2:47 PM
So i don't need to do this: check if status is "OK", then read the rest If not "OK" show an error
r

rp

06/30/2022, 2:47 PM
well.. if you do not like this, you can override the backend APIs and send your own responses 🙂
s

segidev

06/30/2022, 2:47 PM
Ok sure it's up to you 🙂
r

rp

06/30/2022, 2:47 PM
it is debatable. I agree.
r

rp

06/30/2022, 2:48 PM
yes
s

segidev

06/30/2022, 2:49 PM
Ok i see also here: "This feature is only applicable for users who build their own frontend since our frontend requires on a specific output"
Your Axios intercepter is probably expecting these 200s ?
r

rp

06/30/2022, 2:50 PM
axios interceptor doesn't care about these APIs. It's only meant for session management related tasks.
So you can freely change the response of the emailpassword APIs.
s

segidev

06/30/2022, 2:50 PM
Ok but what about automatic refreshing of the token. That is only supported via the SDK right?
The
supertokens-website
package
r

rp

06/30/2022, 2:51 PM
Yes. Correct. We have a vanilla JS SDK that you can use with your custom UI for that
The refresh API returns a 200 on successful refresh, else a 401. There is no "status" check in there
s

segidev

06/30/2022, 2:52 PM
I see, thanks for the help
r

rp

06/30/2022, 2:53 PM
happy to help 🙂 Thanks for checking out SuperTokens!