What is the proper HTTP response to send for requests that require SSL/TLS

http rest ssl https httpresponse
gtd picture gtd · Mar 31, 2010 · Viewed 16.1k times · Source

I'm designing an RESTful API where some calls are public over HTTP, and some require an API key and encryption over HTTPS. I'm deliberating on what response code should be sent if an HTTP request is sent to one of the private resources. So far the only one that jumps out at me is 412 - Precondition Failed, but the standard indicates that the precondition is imposed by the requester not the server.

Is there an appropriate response code for this condition or do I just need to give in and do 400?

Answer

MicE picture MicE · Mar 31, 2010

I cannot say if this is broadly accepted by HTTP clients, but speaking strictly RFC, the server should respond with:

HTTP/1.1 426 Upgrade Required
Upgrade: TLS/1.0, HTTP/1.1
Connection: Upgrade

Source:
http://tools.ietf.org/html/rfc2817#section-4.2

Related questions

PUT vs. POST in REST

According to the HTTP/1.1 Spec: The POST method is used to request that the origin server accept the entity enclosed in the request as a new subordinate of the resource identified by the Request-URI in the Request-Line In other words, …

Read More
What exactly is RESTful programming?

What exactly is RESTful programming?

Read More
HTTP GET with request body

I'm developing a new RESTful webservice for our application. When doing a GET on certain entities, clients can request the contents of the entity. If they want to add some parameters (for example sorting a list) they can add these …

Read More