draft-ietf-httpapi-rfc7807bis-07.unpg.txt | draft-ietf-httpapi-rfc7807bis-latest.txt | |||
---|---|---|---|---|
HTTPAPI Working Group M. Nottingham | httpapi Working Group M. Nottingham | |||
Internet-Draft | Internet-Draft | |||
Obsoletes: 7807 (if approved) E. Wilde | Obsoletes: 7807 (if approved) E. Wilde | |||
Intended status: Standards Track | Intended status: Standards Track | |||
Expires: October 25, 2023 S. Dalal | Expires: April 8, 2025 S. Dalal | |||
April 23, 2023 | October 5, 2024 | |||
Problem Details for HTTP APIs | Problem Details for HTTP APIs | |||
draft-ietf-httpapi-rfc7807bis-07 | draft-ietf-httpapi-rfc7807bis-latest | |||
Abstract | Abstract | |||
This document defines a "problem detail" to carry machine-readable | This document defines a "problem detail" to carry machine-readable | |||
details of errors in HTTP response content to avoid the need to | details of errors in HTTP response content to avoid the need to | |||
define new error response formats for HTTP APIs. | define new error response formats for HTTP APIs. | |||
This document obsoletes RFC 7807. | This document obsoletes RFC 7807. | |||
Status of This Memo | Status of This Memo | |||
skipping to change at line 35 ¶ | skipping to change at page 1, line 36 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on October 25, 2023. | This Internet-Draft will expire on April 8, 2025. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2023 IETF Trust and the persons identified as the | Copyright (c) 2024 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the Simplified BSD License. | described in the Simplified BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
2. Notational Conventions | 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 4 | |||
3. The Problem Details JSON Object | 3. The Problem Details JSON Object . . . . . . . . . . . . . . . 4 | |||
3.1. Members of a Problem Details Object | 3.1. Members of a Problem Details Object . . . . . . . . . . . 6 | |||
3.1.1. "type" | 3.1.1. "type" . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
3.1.2. "status" | 3.1.2. "status" . . . . . . . . . . . . . . . . . . . . . . 7 | |||
3.1.3. "title" | 3.1.3. "title" . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
3.1.4. "detail" | 3.1.4. "detail" . . . . . . . . . . . . . . . . . . . . . . 7 | |||
3.1.5. "instance" | 3.1.5. "instance" . . . . . . . . . . . . . . . . . . . . . 8 | |||
3.2. Extension Members | 3.2. Extension Members . . . . . . . . . . . . . . . . . . . . 8 | |||
4. Defining New Problem Types | 4. Defining New Problem Types . . . . . . . . . . . . . . . . . 9 | |||
4.1. Example | 4.1. Example . . . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
4.2. Registered Problem Types | 4.2. Registered Problem Types . . . . . . . . . . . . . . . . 10 | |||
4.2.1. about:blank | 4.2.1. about:blank . . . . . . . . . . . . . . . . . . . . . 11 | |||
5. Security Considerations | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 12 | |||
6. IANA Considerations | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 | |||
7. References | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
7.1. Normative References | 7.1. Normative References . . . . . . . . . . . . . . . . . . 12 | |||
7.2. Informative References | 7.2. Informative References . . . . . . . . . . . . . . . . . 13 | |||
7.3. URIs | 7.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
Appendix A. JSON Schema for HTTP Problems | Appendix A. JSON Schema for HTTP Problems . . . . . . . . . . . 14 | |||
Appendix B. HTTP Problems and XML | Appendix B. HTTP Problems and XML . . . . . . . . . . . . . . . 15 | |||
Appendix C. Using Problem Details with Other Formats | Appendix C. Using Problem Details with Other Formats . . . . . . 17 | |||
Appendix D. Changes from RFC 7807 | Appendix D. Changes from RFC 7807 . . . . . . . . . . . . . . . 18 | |||
Acknowledgements | Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
Authors' Addresses | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
1. Introduction | 1. Introduction | |||
HTTP status codes (Section 15 of [HTTP]) cannot always convey enough | HTTP status codes (Section 15 of [HTTP]) cannot always convey enough | |||
information about errors to be helpful. While humans using Web | information about errors to be helpful. While humans using web | |||
browsers can often understand an HTML [HTML5] response content, non- | browsers can often understand an HTML [HTML5] response content, non- | |||
human consumers of HTTP APIs have difficulty doing so. | human consumers of HTTP APIs have difficulty doing so. | |||
To address that shortcoming, this specification defines simple JSON | To address that shortcoming, this specification defines simple JSON | |||
[JSON] and XML [XML] document formats to describe the specifics of | [JSON] and XML [XML] document formats to describe the specifics of a | |||
problem(s) encountered -- "problem details". | problem encountered -- "problem details". | |||
For example, consider a response indicating that the client's account | For example, consider a response indicating that the client's account | |||
doesn't have enough credit. The API's designer might decide to use | doesn't have enough credit. The API's designer might decide to use | |||
the 403 Forbidden status code to inform HTTP-generic software (such | the 403 Forbidden status code to inform generic HTTP software (such | |||
as client libraries, caches, and proxies) of the response's general | as client libraries, caches, and proxies) of the response's general | |||
semantics. API-specific problem details (such as why the server | semantics. API-specific problem details (such as why the server | |||
refused the request and the applicable account balance) can be | refused the request and the applicable account balance) can be | |||
carried in the response content, so that the client can act upon them | carried in the response content so that the client can act upon them | |||
appropriately (for example, triggering a transfer of more credit into | appropriately (for example, triggering a transfer of more credit into | |||
the account). | the account). | |||
This specification identifies the specific "problem type" (e.g., "out | This specification identifies the specific "problem type" (e.g., "out | |||
of credit") with a URI [URI]. HTTP APIs can use URIs under their | of credit") with a URI [URI]. HTTP APIs can use URIs under their | |||
control to identify problems specific to them, or can reuse existing | control to identify problems specific to them or can reuse existing | |||
ones to facilitate interoperability and leverage common semantics | ones to facilitate interoperability and leverage common semantics | |||
(see Section 4.2). | (see Section 4.2). | |||
Problem details can contain other information, such as a URI | Problem details can contain other information, such as a URI | |||
identifying the problem's specific occurrence (effectively giving an | identifying the problem's specific occurrence (effectively giving an | |||
identifier to the concept "The time Joe didn't have enough credit | identifier to the concept "The time Joe didn't have enough credit | |||
last Thursday"), which can be useful for support or forensic | last Thursday"), which can be useful for support or forensic | |||
purposes. | purposes. | |||
The data model for problem details is a JSON [JSON] object; when | The data model for problem details is a JSON [JSON] object; when | |||
skipping to change at line 138 ¶ | skipping to change at page 3, line 45 ¶ | |||
naturally fit the semantics of 4xx and 5xx responses. Note that | naturally fit the semantics of 4xx and 5xx responses. Note that | |||
problem details are (naturally) not the only way to convey the | problem details are (naturally) not the only way to convey the | |||
details of a problem in HTTP. If the response is still a | details of a problem in HTTP. If the response is still a | |||
representation of a resource, for example, it's often preferable to | representation of a resource, for example, it's often preferable to | |||
describe the relevant details in that application's format. | describe the relevant details in that application's format. | |||
Likewise, defined HTTP status codes cover many situations with no | Likewise, defined HTTP status codes cover many situations with no | |||
need to convey extra detail. | need to convey extra detail. | |||
This specification's aim is to define common error formats for | This specification's aim is to define common error formats for | |||
applications that need one so that they aren't required to define | applications that need one so that they aren't required to define | |||
their own, or worse, tempted to redefine the semantics of existing | their own or, worse, tempted to redefine the semantics of existing | |||
HTTP status codes. Even if an application chooses not to use it to | HTTP status codes. Even if an application chooses not to use it to | |||
convey errors, reviewing its design can help guide the design | convey errors, reviewing its design can help guide the design | |||
decisions faced when conveying errors in an existing format. | decisions faced when conveying errors in an existing format. | |||
See Appendix D for a list of changes from RFC 7807. | See Appendix D for a list of changes from [RFC7807]. | |||
2. Notational Conventions | 2. Requirements Language | |||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
"OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in | |||
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
capitals, as shown here. | capitals, as shown here. | |||
3. The Problem Details JSON Object | 3. The Problem Details JSON Object | |||
The canonical model for problem details is a JSON [JSON] object. | The canonical model for problem details is a JSON [JSON] object. | |||
skipping to change at line 227 ¶ | skipping to change at page 5, line 40 ¶ | |||
}, | }, | |||
{ | { | |||
"detail": "must be 'green', 'red' or 'blue'", | "detail": "must be 'green', 'red' or 'blue'", | |||
"pointer": "#/profile/color" | "pointer": "#/profile/color" | |||
} | } | |||
] | ] | |||
} | } | |||
The fictional problem type here defines the "errors" extension, an | The fictional problem type here defines the "errors" extension, an | |||
array that describes the details of each validation error. Each | array that describes the details of each validation error. Each | |||
member is an object containing "detail" to describe the issue, and | member is an object containing "detail" to describe the issue and | |||
"pointer" to locate the problem within the request's content using a | "pointer" to locate the problem within the request's content using a | |||
JSON Pointer [JSON-POINTER]. | JSON Pointer [JSON-POINTER]. | |||
When an API encounters multiple problems that do not share the same | When an API encounters multiple problems that do not share the same | |||
type, it is RECOMMENDED that the most relevant or urgent problem be | type, it is RECOMMENDED that the most relevant or urgent problem be | |||
represented in the response. While it is possible to create generic | represented in the response. While it is possible to create generic | |||
"batch" problem types that convey multiple, disparate types, they do | "batch" problem types that convey multiple, disparate types, they do | |||
not map well into HTTP semantics. | not map well into HTTP semantics. | |||
Note also that the API has responded with the application/ | Note also that the API has responded with the "application/ | |||
problem+json type, even though the client did not list it in Accept, | problem+json" type, even though the client did not list it in Accept, | |||
as is allowed by HTTP (see Section 12.5.1 of [HTTP]). | as is allowed by HTTP (see Section 12.5.1 of [HTTP]). | |||
3.1. Members of a Problem Details Object | 3.1. Members of a Problem Details Object | |||
Problem detail objects can have the following members. If a member's | Problem detail objects can have the following members. If a member's | |||
value type does not match the specified type, the member MUST be | value type does not match the specified type, the member MUST be | |||
ignored -- i.e., processing will continue as if the member had not | ignored -- i.e., processing will continue as if the member had not | |||
been present. | been present. | |||
3.1.1. "type" | 3.1.1. "type" | |||
skipping to change at line 275 ¶ | skipping to change at page 6, line 39 ¶ | |||
When "type" contains a relative URI, it is resolved relative to the | When "type" contains a relative URI, it is resolved relative to the | |||
document's base URI, as per [URI], Section 5. However, using | document's base URI, as per [URI], Section 5. However, using | |||
relative URIs can cause confusion, and they might not be handled | relative URIs can cause confusion, and they might not be handled | |||
correctly by all implementations. | correctly by all implementations. | |||
For example, if the two resources "https://api.example.org/foo/ | For example, if the two resources "https://api.example.org/foo/ | |||
bar/123" and "https://api.example.org/widget/456" both respond with a | bar/123" and "https://api.example.org/widget/456" both respond with a | |||
"type" equal to the relative URI reference "example-problem", when | "type" equal to the relative URI reference "example-problem", when | |||
resolved they will identify different resources | resolved they will identify different resources | |||
("https://api.example.org/foo/bar/example-problem" and | ("https://api.example.org/foo/bar/example-problem" and | |||
"https://api.example.org/widget/example-problem" respectively). As a | "https://api.example.org/widget/example-problem", respectively). As | |||
result, it is RECOMMENDED that absolute URIs be used in "type" when | a result, it is RECOMMENDED that absolute URIs be used in "type" when | |||
possible, and that when relative URIs are used, they include the full | possible and that when relative URIs are used, they include the full | |||
path (e.g., "/types/123"). | path (e.g., "/types/123"). | |||
The type URI is allowed to be a non-resolvable URI. For example, the | The type URI is allowed to be a non-resolvable URI. For example, the | |||
tag URI scheme [TAG] can be used to uniquely identify problem types: | tag URI scheme [TAG] can be used to uniquely identify problem types: | |||
tag:example@example.org,2021-09-17:OutOfLuck | tag:example@example.org,2021-09-17:OutOfLuck | |||
However, resolvable type URIs are encouraged by this specification | However, resolvable type URIs are encouraged by this specification | |||
because it might become desirable to resolve the URI in the future. | because it might become desirable to resolve the URI in the future. | |||
For example, if an API designer used the URI above and later adopted | For example, if an API designer used the URI above and later adopted | |||
skipping to change at line 308 ¶ | skipping to change at page 7, line 23 ¶ | |||
The "status" member, if present, is only advisory; it conveys the | The "status" member, if present, is only advisory; it conveys the | |||
HTTP status code used for the convenience of the consumer. | HTTP status code used for the convenience of the consumer. | |||
Generators MUST use the same status code in the actual HTTP response, | Generators MUST use the same status code in the actual HTTP response, | |||
to assure that generic HTTP software that does not understand this | to assure that generic HTTP software that does not understand this | |||
format still behaves correctly. See Section 5 for further caveats | format still behaves correctly. See Section 5 for further caveats | |||
regarding its use. | regarding its use. | |||
Consumers can use the status member to determine what the original | Consumers can use the status member to determine what the original | |||
status code used by the generator was when it has been changed (e.g., | status code used by the generator was when it has been changed (e.g., | |||
by an intermediary or cache), and when a message's content is | by an intermediary or cache) and when a message's content is | |||
persisted without HTTP information. Generic HTTP software will still | persisted without HTTP information. Generic HTTP software will still | |||
use the HTTP status code. | use the HTTP status code. | |||
3.1.3. "title" | 3.1.3. "title" | |||
The "title" member is a JSON string containing a short, human- | The "title" member is a JSON string containing a short, human- | |||
readable summary of the problem type. | readable summary of the problem type. | |||
It SHOULD NOT change from occurrence to occurrence of the problem, | It SHOULD NOT change from occurrence to occurrence of the problem, | |||
except for localization (e.g., using proactive content negotiation; | except for localization (e.g., using proactive content negotiation; | |||
see [HTTP], Section 12.1). | see [HTTP], Section 12.1). | |||
The "title" string is advisory, and is included only for users who | The "title" string is advisory and is included only for users who are | |||
are both unaware of and cannot discover the semantics of the type URI | unaware of and cannot discover the semantics of the type URI (e.g., | |||
(e.g., during offline log analysis). | during offline log analysis). | |||
3.1.4. "detail" | 3.1.4. "detail" | |||
The "detail" member is a JSON string containing a human-readable | The "detail" member is a JSON string containing a human-readable | |||
explanation specific to this occurrence of the problem. | explanation specific to this occurrence of the problem. | |||
The "detail" string, if present, ought to focus on helping the client | The "detail" string, if present, ought to focus on helping the client | |||
correct the problem, rather than giving debugging information. | correct the problem, rather than giving debugging information. | |||
Consumers SHOULD NOT parse the "detail" member for information; | Consumers SHOULD NOT parse the "detail" member for information; | |||
skipping to change at line 349 ¶ | skipping to change at page 8, line 17 ¶ | |||
The "instance" member is a JSON string containing a URI reference | The "instance" member is a JSON string containing a URI reference | |||
that identifies the specific occurrence of the problem. | that identifies the specific occurrence of the problem. | |||
When the "instance" URI is dereferenceable, the problem details | When the "instance" URI is dereferenceable, the problem details | |||
object can be fetched from it. It might also return information | object can be fetched from it. It might also return information | |||
about the problem occurrence in other formats through use of | about the problem occurrence in other formats through use of | |||
proactive content negotiation (see [HTTP], Section 12.5.1). | proactive content negotiation (see [HTTP], Section 12.5.1). | |||
When the "instance" URI is not dereferenceable, it serves as a unique | When the "instance" URI is not dereferenceable, it serves as a unique | |||
identifier for the problem occurrence that may be of significance to | identifier for the problem occurrence that may be of significance to | |||
the server, but is opaque to the client. | the server but is opaque to the client. | |||
When "instance" contains a relative URI, it is resolved relative to | When "instance" contains a relative URI, it is resolved relative to | |||
the document's base URI, as per [URI], Section 5. However, using | the document's base URI, as per [URI], Section 5. However, using | |||
relative URIs can cause confusion, and they might not be handled | relative URIs can cause confusion, and they might not be handled | |||
correctly by all implementations. | correctly by all implementations. | |||
For example, if the two resources "https://api.example.org/foo/ | For example, if the two resources "https://api.example.org/foo/ | |||
bar/123" and "https://api.example.org/widget/456" both respond with | bar/123" and "https://api.example.org/widget/456" both respond with | |||
an "instance" equal to the relative URI reference "example-instance", | an "instance" equal to the relative URI reference "example-instance", | |||
when resolved they will identify different resources | when resolved they will identify different resources | |||
("https://api.example.org/foo/bar/example-instance" and | ("https://api.example.org/foo/bar/example-instance" and | |||
"https://api.example.org/widget/example-instance" respectively). As | "https://api.example.org/widget/example-instance", respectively). As | |||
a result, it is RECOMMENDED that absolute URIs be used in "instance" | a result, it is RECOMMENDED that absolute URIs be used in "instance" | |||
when possible, and that when relative URIs are used, they include the | when possible, and that when relative URIs are used, they include the | |||
full path (e.g., "/instances/123"). | full path (e.g., "/instances/123"). | |||
3.2. Extension Members | 3.2. Extension Members | |||
Problem type definitions MAY extend the problem details object with | Problem type definitions MAY extend the problem details object with | |||
additional members that are specific to that problem type. | additional members that are specific to that problem type. | |||
For example, our "out of credit" problem above defines two such | For example, our out-of-credit problem above defines two such | |||
extensions -- "balance" and "accounts" to convey additional, problem- | extensions -- "balance" and "accounts" to convey additional, problem- | |||
specific information. | specific information. | |||
Similarly, the "validation error" example defines an "errors" | Similarly, the "validation error" example defines an "errors" | |||
extension that contains a list of individual error occurrences found, | extension that contains a list of individual error occurrences found, | |||
with details and a pointer to the location of each. | with details and a pointer to the location of each. | |||
Clients consuming problem details MUST ignore any such extensions | Clients consuming problem details MUST ignore any such extensions | |||
that they don't recognize; this allows problem types to evolve and | that they don't recognize; this allows problem types to evolve and | |||
include additional information in the future. | include additional information in the future. | |||
skipping to change at line 393 ¶ | skipping to change at page 9, line 15 ¶ | |||
When creating extensions, problem type authors should choose their | When creating extensions, problem type authors should choose their | |||
names carefully. To be used in the XML format (see Appendix B), they | names carefully. To be used in the XML format (see Appendix B), they | |||
will need to conform to the Name rule in Section 2.3 of [XML]. | will need to conform to the Name rule in Section 2.3 of [XML]. | |||
4. Defining New Problem Types | 4. Defining New Problem Types | |||
When an HTTP API needs to define a response that indicates an error | When an HTTP API needs to define a response that indicates an error | |||
condition, it might be appropriate to do so by defining a new problem | condition, it might be appropriate to do so by defining a new problem | |||
type. | type. | |||
Before doing so, it's important to understand what they are good for, | Before doing so, it's important to understand what they are good for | |||
and what's better left to other mechanisms. | and what is better left to other mechanisms. | |||
Problem details are not a debugging tool for the underlying | Problem details are not a debugging tool for the underlying | |||
implementation; rather, they are a way to expose greater detail about | implementation; rather, they are a way to expose greater detail about | |||
the HTTP interface itself. Designers of new problem types need to | the HTTP interface itself. Designers of new problem types need to | |||
carefully take into account the Security Considerations (Section 5), | carefully take into account the Section 5, in particular, the risk of | |||
in particular, the risk of exposing attack vectors by exposing | exposing attack vectors by exposing implementation internals through | |||
implementation internals through error messages. | error messages. | |||
Likewise, truly generic problems -- i.e., conditions that might apply | Likewise, truly generic problems -- i.e., conditions that might apply | |||
to any resource on the Web -- are usually better expressed as plain | to any resource on the Web -- are usually better expressed as plain | |||
status codes. For example, a "write access disallowed" problem is | status codes. For example, a "write access disallowed" problem is | |||
probably unnecessary, since a 403 Forbidden status code in response | probably unnecessary, since a 403 Forbidden status code in response | |||
to a PUT request is self-explanatory. | to a PUT request is self-explanatory. | |||
Finally, an application might have a more appropriate way to carry an | Finally, an application might have a more appropriate way to carry an | |||
error in a format that it already defines. Problem details are | error in a format that it already defines. Problem details are | |||
intended to avoid the necessity of establishing new "fault" or | intended to avoid the necessity of establishing new "fault" or | |||
"error" document formats, not to replace existing domain-specific | "error" document formats, not to replace existing domain-specific | |||
formats. | formats. | |||
That said, it is possible to add support for problem details to | That said, it is possible to add support for problem details to | |||
existing HTTP APIs using HTTP content negotiation (e.g., using the | existing HTTP APIs using HTTP content negotiation (e.g., using the | |||
Accept request header to indicate a preference for this format; see | Accept request header to indicate a preference for this format; see | |||
[HTTP], Section 12.5.1). | [HTTP], Section 12.5.1). | |||
New problem type definitions MUST document: | New problem type definitions MUST document: | |||
1. a type URI (typically, with the "http" or "https" scheme), | 1. a type URI (typically, with the "http" or "https" scheme) | |||
2. a title that appropriately describes it (think short), and | 2. a title that appropriately describes it (think short) | |||
3. the HTTP status code for it to be used with. | 3. the HTTP status code for it to be used with | |||
Problem type definitions MAY specify the use of the Retry-After | Problem type definitions MAY specify the use of the Retry-After | |||
response header ([HTTP], Section 10.2.3) in appropriate | response header ([HTTP], Section 10.2.3) in appropriate | |||
circumstances. | circumstances. | |||
A problem's type URI SHOULD resolve to HTML [HTML5] documentation | A problem type URI SHOULD resolve to HTML [HTML5] documentation that | |||
that explains how to resolve the problem. | explains how to resolve the problem. | |||
A problem type definition MAY specify additional members on the | A problem type definition MAY specify additional members on the | |||
problem details object. For example, an extension might use typed | problem details object. For example, an extension might use typed | |||
links [WEB-LINKING] to another resource that machines can use to | links [WEB-LINKING] to another resource that machines can use to | |||
resolve the problem. | resolve the problem. | |||
If such additional members are defined, their names SHOULD start with | If such additional members are defined, their names SHOULD start with | |||
a letter (ALPHA, as per [ABNF], Appendix B.1) and SHOULD comprise | a letter (ALPHA, as per [ABNF], Appendix B.1) and SHOULD comprise | |||
characters from ALPHA, DIGIT ([ABNF], Appendix B.1), and "_" (so that | characters from ALPHA, DIGIT ([ABNF], Appendix B.1), and "_" (so that | |||
it can be serialized in formats other than JSON), and they SHOULD be | it can be serialized in formats other than JSON), and they SHOULD be | |||
three characters or longer. | three characters or longer. | |||
4.1. Example | 4.1. Example | |||
For example, if you are publishing an HTTP API to your online | For example, if you are publishing an HTTP API to your online | |||
shopping cart, you might need to indicate that the user is out of | shopping cart, you might need to indicate that the user is out of | |||
credit (our example from above), and therefore cannot make the | credit (our example from above) and therefore cannot make the | |||
purchase. | purchase. | |||
If you already have an application-specific format that can | If you already have an application-specific format that can | |||
accommodate this information, it's probably best to do that. | accommodate this information, it's probably best to do that. | |||
However, if you don't, you might use one of the problem details | However, if you don't, you might use one of the problem detail | |||
formats -- JSON if your API is JSON-based, or XML if it uses that | formats -- JSON if your API is JSON-based or XML if it uses that | |||
format. | format. | |||
To do so, you might look in the registry (Section 4.2) for an | To do so, you might look in the registry (Section 4.2) for an | |||
already-defined type URI that suits your purposes. If one is | already-defined type URI that suits your purposes. If one is | |||
available, you can reuse that URI. | available, you can reuse that URI. | |||
If one isn't available, you could mint and document a new type URI | If one isn't available, you could mint and document a new type URI | |||
(which ought to be under your control and stable over time), an | (which ought to be under your control and stable over time), an | |||
appropriate title and the HTTP status code that it will be used with, | appropriate title and the HTTP status code that it will be used with, | |||
along with what it means and how it should be handled. | along with what it means and how it should be handled. | |||
4.2. Registered Problem Types | 4.2. Registered Problem Types | |||
This specification defines the HTTP Problem Type registry for common, | This specification defines the "HTTP Problem Types" registry for | |||
widely-used problem type URIs, to promote reuse. | common, widely used problem type URIs, to promote reuse. | |||
The policy for this registry is Specification Required, per | The policy for this registry is Specification Required, per | |||
[RFC8126], Section 4.6. | [RFC8126], Section 4.6. | |||
When evaluating requests, the Expert(s) should consider community | When evaluating requests, the designated expert(s) should consider | |||
feedback, how well-defined the problem type is, and this | community feedback, how well-defined the problem type is, and this | |||
specification's requirements. Vendor-specific, application-specific, | specification's requirements. Vendor-specific, application-specific, | |||
and deployment-specific values are not registerable. Specification | and deployment-specific values are unable to be registered. | |||
documents should be published in a stable, freely available manner | ||||
(ideally located with a URL), but need not be standards. | Specification documents should be published in a stable, freely | |||
available manner (ideally located with a URL) but need not be | ||||
standards. | ||||
Registrations MAY use the prefix "https://iana.org/assignments/http- | Registrations MAY use the prefix "https://iana.org/assignments/http- | |||
problem-types#" for the type URI. Note that those URIs may not be | problem-types#" for the type URI. Note that those URIs may not be | |||
able to be resolved. | able to be resolved. | |||
Registration requests should use the following template: | The following template should be used for registration requests: | |||
o Type URI: [a URI for the problem type] | Type URI: [a URI for the problem type] | |||
o Title: [a short description of the problem type] | Title: [a short description of the problem type] | |||
o Recommended HTTP status code: [what status code is most | Recommended HTTP status code: [what status code is most appropriate | |||
appropriate to use with the type] | to use with the type] | |||
o Reference: [to a specification defining the type] | Reference: [to a specification defining the type] | |||
See the registry at https://iana.org/assignments/http-problem-types | See the registry at https://iana.org/assignments/http-problem-types | |||
[1] for details on where to send registration requests. | [1] for details on where to send registration requests. | |||
4.2.1. about:blank | 4.2.1. about:blank | |||
This specification registers one Problem Type, "about:blank". | This specification registers one Problem Type, "about:blank", as | |||
follows. | ||||
o Type URI: about:blank | Type URI: about:blank | |||
o Title: See HTTP Status Code | Title: See HTTP Status Code | |||
o Recommended HTTP status code: N/A | Recommended HTTP status code: N/A | |||
o Reference: RFC nnnn | Reference: RFC 9457 | |||
The "about:blank" URI [ABOUT], when used as a problem type, indicates | The "about:blank" URI [ABOUT], when used as a problem type, indicates | |||
that the problem has no additional semantics beyond that of the HTTP | that the problem has no additional semantics beyond that of the HTTP | |||
status code. | status code. | |||
When "about:blank" is used, the title SHOULD be the same as the | When "about:blank" is used, the title SHOULD be the same as the | |||
recommended HTTP status phrase for that code (e.g., "Not Found" for | recommended HTTP status phrase for that code (e.g., "Not Found" for | |||
404, and so on), although it MAY be localized to suit client | 404, and so on), although it MAY be localized to suit client | |||
preferences (expressed with the Accept-Language request header). | preferences (expressed with the Accept-Language request header). | |||
skipping to change at line 554 ¶ | skipping to change at page 12, line 32 ¶ | |||
status code itself, bringing the possibility of disagreement between | status code itself, bringing the possibility of disagreement between | |||
the two. Their relative precedence is not clear, since a | the two. Their relative precedence is not clear, since a | |||
disagreement might indicate that (for example) an intermediary has | disagreement might indicate that (for example) an intermediary has | |||
changed the HTTP status code in transit (e.g., by a proxy or cache). | changed the HTTP status code in transit (e.g., by a proxy or cache). | |||
Generic HTTP software (such as proxies, load balancers, firewalls, | Generic HTTP software (such as proxies, load balancers, firewalls, | |||
and virus scanners) are unlikely to know of or respect the status | and virus scanners) are unlikely to know of or respect the status | |||
code conveyed in this member. | code conveyed in this member. | |||
6. IANA Considerations | 6. IANA Considerations | |||
Please update the "application/problem+json" and "application/ | In the "application" registry under the "Media Types" registry, IANA | |||
problem+xml" registrations in the "Media Types" registry to refer to | has updated the "application/problem+json" and "application/ | |||
this document. | problem+xml" registrations to refer to this document. | |||
Please create the "HTTP Problem Types" registry as specified in | IANA has created the "HTTP Problem Types" registry as specified in | |||
Section 4.2, and populate it with "about:blank" as per Section 4.2.1. | Section 4.2 and populated it with "about:blank" as per Section 4.2.1. | |||
7. References | 7. References | |||
7.1. Normative References | 7.1. Normative References | |||
[ABNF] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax | [ABNF] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax | |||
Specifications: ABNF", STD 68, RFC 5234, | Specifications: ABNF", STD 68, RFC 5234, | |||
DOI 10.17487/RFC5234, January 2008, | DOI 10.17487/RFC5234, January 2008, | |||
<https://www.rfc-editor.org/info/rfc5234>. | <https://www.rfc-editor.org/info/rfc5234>. | |||
skipping to change at line 638 ¶ | skipping to change at page 14, line 23 ¶ | |||
Schema: A Media Type for Describing JSON Documents", | Schema: A Media Type for Describing JSON Documents", | |||
draft-bhutton-json-schema-01 (work in progress), June | draft-bhutton-json-schema-01 (work in progress), June | |||
2022. | 2022. | |||
[RDFA] Adida, B., Ed., Herman, I., Ed., Birbeck, M., Ed., and S. | [RDFA] Adida, B., Ed., Herman, I., Ed., Birbeck, M., Ed., and S. | |||
McCarron, Ed., "RDFa Core 1.1 - Third Edition", W3C REC | McCarron, Ed., "RDFa Core 1.1 - Third Edition", W3C REC | |||
REC-rdfa-core-20150317, W3C REC-rdfa-core-20150317, March | REC-rdfa-core-20150317, W3C REC-rdfa-core-20150317, March | |||
2015, | 2015, | |||
<https://www.w3.org/TR/2015/REC-rdfa-core-20150317/>. | <https://www.w3.org/TR/2015/REC-rdfa-core-20150317/>. | |||
[RFC7807] Nottingham, M. and E. Wilde, "Problem Details for HTTP | ||||
APIs", RFC 7807, DOI 10.17487/RFC7807, March 2016, | ||||
<https://www.rfc-editor.org/info/rfc7807>. | ||||
[TAG] Kindberg, T. and S. Hawke, "The 'tag' URI Scheme", | [TAG] Kindberg, T. and S. Hawke, "The 'tag' URI Scheme", | |||
RFC 4151, DOI 10.17487/RFC4151, October 2005, | RFC 4151, DOI 10.17487/RFC4151, October 2005, | |||
<https://www.rfc-editor.org/info/rfc4151>. | <https://www.rfc-editor.org/info/rfc4151>. | |||
[WEB-LINKING] | [WEB-LINKING] | |||
Nottingham, M., "Web Linking", RFC 8288, | Nottingham, M., "Web Linking", RFC 8288, | |||
DOI 10.17487/RFC8288, October 2017, | DOI 10.17487/RFC8288, October 2017, | |||
<https://www.rfc-editor.org/info/rfc8288>. | <https://www.rfc-editor.org/info/rfc8288>. | |||
[XSLT] Thompson, H., Ed., Clark, J., Ed., and S. Pieters, Ed., | [XSLT] Thompson, H., Ed., Clark, J., Ed., and S. Pieters, Ed., | |||
skipping to change at line 660 ¶ | skipping to change at page 14, line 49 ¶ | |||
xml-stylesheet-20101028, October 2010, | xml-stylesheet-20101028, October 2010, | |||
<https://www.w3.org/TR/2010/REC-xml-stylesheet-20101028/>. | <https://www.w3.org/TR/2010/REC-xml-stylesheet-20101028/>. | |||
7.3. URIs | 7.3. URIs | |||
[1] https://iana.org/assignments/http-problem-types | [1] https://iana.org/assignments/http-problem-types | |||
Appendix A. JSON Schema for HTTP Problems | Appendix A. JSON Schema for HTTP Problems | |||
This section presents a non-normative JSON Schema [JSON-SCHEMA] for | This section presents a non-normative JSON Schema [JSON-SCHEMA] for | |||
HTTP Problem Details. If there is any disagreement between it and | HTTP problem details. If there is any disagreement between it and | |||
the text of the specification, the latter prevails. | the text of the specification, the latter prevails. | |||
# NOTE: '\' line wrapping per RFC 8792 | # NOTE: '\' line wrapping per RFC 8792 | |||
{ | { | |||
"$schema": "https://json-schema.org/draft/2020-12/schema", | "$schema": "https://json-schema.org/draft/2020-12/schema", | |||
"title": "An RFC7807 problem object", | "title": "An RFC7807 problem object", | |||
"type": "object", | "type": "object", | |||
"properties": { | "properties": { | |||
"type": { | "type": { | |||
"type": "string", | "type": "string", | |||
skipping to change at line 727 ¶ | skipping to change at page 16, line 23 ¶ | |||
& element detail { xsd:string }? | & element detail { xsd:string }? | |||
& element status { xsd:positiveInteger }? | & element status { xsd:positiveInteger }? | |||
& element instance { xsd:anyURI }? ), | & element instance { xsd:anyURI }? ), | |||
anyNsElement | anyNsElement | |||
} | } | |||
anyNsElement = | anyNsElement = | |||
( element ns:* { anyNsElement | text } | ( element ns:* { anyNsElement | text } | |||
| attribute * { text })* | | attribute * { text })* | |||
Note that this schema is only intended as documentation, and not as a | Note that this schema is only intended as documentation and not as a | |||
normative schema that captures all constraints of the XML format. It | normative schema that captures all constraints of the XML format. It | |||
is possible to use other XML schema languages to define a similar set | is possible to use other XML schema languages to define a similar set | |||
of constraints (depending on the features of the chosen schema | of constraints (depending on the features of the chosen schema | |||
language). | language). | |||
The media type for this format is "application/problem+xml". | The media type for this format is "application/problem+xml". | |||
Extension arrays and objects are serialized into the XML format by | Extension arrays and objects are serialized into the XML format by | |||
considering an element containing a child or children to represent an | considering an element containing a child or children to represent an | |||
object, except for elements that contain only child element(s) named | object, except for elements containing only one or more child | |||
'i', which are considered arrays. For example, the example above | elements named "i", which are considered arrays. For example, the | |||
appears in XML as follows: | example above appears in XML as follows: | |||
HTTP/1.1 403 Forbidden | HTTP/1.1 403 Forbidden | |||
Content-Type: application/problem+xml | Content-Type: application/problem+xml | |||
Content-Language: en | Content-Language: en | |||
<?xml version="1.0" encoding="UTF-8"?> | <?xml version="1.0" encoding="UTF-8"?> | |||
<problem xmlns="urn:ietf:rfc:7807"> | <problem xmlns="urn:ietf:rfc:7807"> | |||
<type>https://example.com/probs/out-of-credit</type> | <type>https://example.com/probs/out-of-credit</type> | |||
<title>You do not have enough credit.</title> | <title>You do not have enough credit.</title> | |||
<detail>Your current balance is 30, but that costs 50.</detail> | <detail>Your current balance is 30, but that costs 50.</detail> | |||
skipping to change at line 757 ¶ | skipping to change at page 17, line 4 ¶ | |||
<type>https://example.com/probs/out-of-credit</type> | <type>https://example.com/probs/out-of-credit</type> | |||
<title>You do not have enough credit.</title> | <title>You do not have enough credit.</title> | |||
<detail>Your current balance is 30, but that costs 50.</detail> | <detail>Your current balance is 30, but that costs 50.</detail> | |||
<instance>https://example.net/account/12345/msgs/abc</instance> | <instance>https://example.net/account/12345/msgs/abc</instance> | |||
<balance>30</balance> | <balance>30</balance> | |||
<accounts> | <accounts> | |||
<i>https://example.net/account/12345</i> | <i>https://example.net/account/12345</i> | |||
<i>https://example.net/account/67890</i> | <i>https://example.net/account/67890</i> | |||
</accounts> | </accounts> | |||
</problem> | </problem> | |||
This format uses an XML namespace, primarily to allow embedding it | This format uses an XML namespace, primarily to allow embedding it | |||
into other XML-based formats; it does not imply that it can or should | into other XML-based formats; it does not imply that it can or should | |||
be extended with elements or attributes in other namespaces. The | be extended with elements or attributes in other namespaces. The | |||
RELAX NG schema explicitly only allows elements from the one | RELAX NG schema explicitly only allows elements from the one | |||
namespace used in the XML format. Any extension arrays and objects | namespace used in the XML format. Any extension arrays and objects | |||
MUST be serialized into XML markup using only that namespace. | MUST be serialized into XML markup using only that namespace. | |||
When using the XML format, it is possible to embed an XML processing | When using the XML format, it is possible to embed an XML processing | |||
instruction in the XML that instructs clients to transform the XML, | instruction in the XML that instructs clients to transform the XML, | |||
using the referenced XSLT code [XSLT]. If this code is transforming | using the referenced XSL Transformations (XSLT) code [XSLT]. If this | |||
the XML into (X)HTML, then it is possible to serve the XML format, | code is transforming the XML into (X)HTML, then it is possible to | |||
and yet have clients capable of performing the transformation display | serve the XML format, and yet have clients capable of performing the | |||
human-friendly (X)HTML that is rendered and displayed at the client. | transformation display human-friendly (X)HTML that is rendered and | |||
Note that when using this method, it is advisable to use XSLT 1.0 in | displayed at the client. Note that when using this method, it is | |||
order to maximize the number of clients capable of executing the XSLT | advisable to use XSLT 1.0 in order to maximize the number of clients | |||
code. | capable of executing the XSLT code. | |||
Appendix C. Using Problem Details with Other Formats | Appendix C. Using Problem Details with Other Formats | |||
In some situations, it can be advantageous to embed problem details | In some situations, it can be advantageous to embed problem details | |||
in formats other than those described here. For example, an API that | in formats other than those described here. For example, an API that | |||
uses HTML [HTML5] might want to also use HTML for expressing its | uses HTML [HTML5] might want to also use HTML for expressing its | |||
problem details. | problem details. | |||
Problem details can be embedded in other formats either by | Problem details can be embedded in other formats either by | |||
encapsulating one of the existing serializations (JSON or XML) into | encapsulating one of the existing serializations (JSON or XML) into | |||
skipping to change at line 802 ¶ | skipping to change at page 17, line 48 ¶ | |||
"type": "https://example.com/probs/out-of-credit", | "type": "https://example.com/probs/out-of-credit", | |||
"title": "You do not have enough credit.", | "title": "You do not have enough credit.", | |||
"detail": "Your current balance is 30, but that costs 50.", | "detail": "Your current balance is 30, but that costs 50.", | |||
"instance": "/account/12345/msgs/abc", | "instance": "/account/12345/msgs/abc", | |||
"balance": 30, | "balance": 30, | |||
"accounts": ["/account/12345", | "accounts": ["/account/12345", | |||
"/account/67890"] | "/account/67890"] | |||
} | } | |||
</script> | </script> | |||
or by defining a mapping into RDFa [RDFA]. | or by defining a mapping into a Resource Description Framework in | |||
Attributes (RDFa) [RDFA]. | ||||
This specification does not make specific recommendations regarding | This specification does not make specific recommendations regarding | |||
embedding problem details in other formats; the appropriate way to | embedding problem details in other formats; the appropriate way to | |||
embed them depends both upon the format in use and application of | embed them depends both upon the format in use and application of | |||
that format. | that format. | |||
Appendix D. Changes from RFC 7807 | Appendix D. Changes from RFC 7807 | |||
This revision has made the following changes: | This revision has made the following changes: | |||
End of changes. 52 change blocks. | ||||
104 lines changed or deleted | 111 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |