Documentation does not show responses for invalid requests / error codes

[adamconder]

Documentation should state the possible HTTP responses returned and their respective codes. If the body of the request contains an errors object with codes this should also be documented.
Examples of errors we've occurred so far:

• Failed authentication (400 / 401)
• Invalid headers (400)
• Invalid endpoint (404)
• TLS handshake failure - (403 / 500)
• BadRequest (400)

It would be great if these were documented on the API and if possible descriptive error codes we're returned in the scenario of a BadRequest or Forbidden.

Based on the above are there other response codes being returned that we're unaware of?

[adamconder]

@timgent I'd like to know if you's are looking into this as we're still receiving responses at times we don't expect. Sometimes get BadGateway back etc.
It would be good to clarify what responses you do return.

[timgent]

@adamconder Sorry for the delay on this, not a priority for us right now as got a few last minute panics before we spin up our production service.

As you say the following codes are currently encountered:
oauth/login endpoint:

• 400 - wrong params
• 418 - often caused if it is a post with no params
• 401 - Expired token

Any endpoint:

• 403 - no client certificate

Application endpoints

• 404 - missing headers or no record

Interested if you are getting other errors. We haven't yet fixed our rolling update so when we deploy there is a little bit of downtime that could cause this. If you're getting issues outside of this though then it is something we should investigate.