See below for the request headers and response codes of the Youforce API.
| Header Name | Description |
| --- | --- |
| Cache-Control | The Cache-Control general-header field is used to specify directives that MUST be obeyed by all caching mechanisms along the request/response chain. In our authentication request the header is mandatory with the value Cache-Control: no-cache |
| Content-Type | The content type of the resource in case the request has content in the body. Example: Content-Type:multipart/form-data;boundary=<calculated when request is sent> |
| Authorization | A valid access token required for authorization |
| Accept | The Accept request-header can be used to specify the media types which are acceptable for the response. Example: Accept:application/json |
Response codes
| Type | Responses | Situation |
| --- | --- | --- |
| Success Codes | 200 OK | Synchronous read, update, and delete operations |
| | 201 Created | Synchronous create requests |
| | 202 Accepted | Asynchronous operations |
| | 204 No Content | Referring to non-existing entity (e.g. after delete) |
| Invalid Request Errors | 400 Bad request | Bad Request (e.g. validation errors) |
| | 401 Unauthorized | Not Authorized: Missing or invalid access token |
| | 403 Forbidden | Not Authorized: Authenticated, but user has no access to the API |
| | 404 Not Found | Invalid URL: Item does not exist (anymore). The canonical identifier (collection/{canonical id}) cannot be found. Not Authorized: Authenticated, access to API, but user has no access to the resource (data authorization). From a security standpoint we don’t expose the reason why the object could not be found because an attacker can use this to figure out the internals of our system. |
| | 409 Conflict | Concurrency problem: Record changed by another user |
| Server Errors | 500 Internal server error | Server Error (e.g. database failure, event could not be sent) |
| | 503 Service unavailable | Server Error (resource temporarily not available) |
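The 401/403/404 rows above describe a decision order in which a missing resource and a resource the user has no data authorization for produce the same 404. The sketch below is an added example, not Youforce code: the handler name `get_resource`, the token and resource stores, and the response bodies are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: resource id -> users with data authorization.
RESOURCES = {"emp-1001": {"alice"}, "emp-1002": {"bob"}}
# Constructed sample data: access token -> (user, has access to the API).
TOKENS = {
    "tok-alice": ("alice", True),
    "tok-bob": ("bob", True),
    "tok-carol": ("carol", False),
}


@dataclass(frozen=True)
class Response:
    status: int
    body: str


# One shared object for every 404, so the two causes cannot drift apart
# in status, body or wording.
NOT_FOUND = Response(404, '{"error": "Not Found"}')


def get_resource(token: Optional[str], resource_id: str) -> Response:
    """Hypothetical handler that follows the response-code table above."""
    identity = TOKENS.get(token) if token else None
    if identity is None:
        # Missing or invalid access token.
        return Response(401, '{"error": "Unauthorized"}')
    user, api_access = identity
    if not api_access:
        # Authenticated, but no access to the API. Decided before any
        # resource lookup, so it reveals nothing about which ids exist.
        return Response(403, '{"error": "Forbidden"}')
    allowed = RESOURCES.get(resource_id)
    # A non-existent id and missing data authorization take the same branch:
    # the caller cannot tell from the response whether the id exists.
    if allowed is None or user not in allowed:
        return NOT_FOUND
    return Response(200, '{"id": "%s"}' % resource_id)
```

When reviewing an implementation of this pattern, compare the full responses for the two 404 causes (status, headers and body), not only the status code.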