RESTful API: require user agent string?

MikeWyatt · Jun 6, 2011 · Viewed 12.5k times

My team has a web site with a RESTful API. We're working on load testing it, so we've built a small console app to hammer it with requests. This console app does not set the user agent string, and that is causing an error in our API because it is a required field in our database.

So, should I make the API extra robust and simply use a default string (i.e. "unknown") if a user agent isn't included in the request? Or, should I return a 400 Bad Request response in this situation? I know either is possible, but I'm looking for the standard way to do this.

Answer

Brian Kelly · Jun 6, 2011

Since the User-Agent header is not absolutely required to be present within HTTP requests (the spec says the header SHOULD be there, rather than MUST), your API would be more robust if it could handle it not being present.

That said, it would probably be good for your test app to pass a User-Agent identifier of "test app" or something, just so you could track it in your database, or to throttle or profile your test traffic.

I would caution you not to use User-Agent as a definitive identifier of the client application though, since it is so easily spoofed. It doesn't sound like you're doing that but I thought I'd mention it.
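
One way to apply this on the server side, as an added example that is not part of the original question or answer: accept requests without a User-Agent, store the "unknown" default the question proposes, and treat any supplied value as untrusted client input before it reaches the required database column. The function name, the 255-character column width and the sample requests are assumptions made for illustration.

```python
import re

DEFAULT_UA = "unknown"   # fallback value proposed in the question
MAX_UA_LEN = 255         # assumed width of the User-Agent database column

# Control characters (CR, LF, NUL, tab, ...) should never be stored or logged
# verbatim from a client-supplied header.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def user_agent_for_storage(headers):
    """Return a value that is always safe to write to a required column.

    `headers` maps request header names to values. HTTP header names are
    case-insensitive, so the lookup ignores case.
    """
    raw = None
    for name, value in headers.items():
        if name.lower() == "user-agent":
            raw = value
            break
    if raw is None:
        return DEFAULT_UA          # header absent: still a valid request
    cleaned = _CONTROL.sub(" ", raw).strip()
    if not cleaned:
        return DEFAULT_UA          # header present but empty or whitespace
    return cleaned[:MAX_UA_LEN]    # client-controlled length, so cap it


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        {},                                      # console app sending no header
        {"User-Agent": "test app"},              # load tester labelling itself
        {"user-agent": "x\r\nInjected: line"},   # embedded CR/LF
        {"USER-AGENT": "A" * 1000},              # oversized value
    ]
    for request_headers in samples:
        print(repr(user_agent_for_storage(request_headers)))
```

The stored value is a label for tracking or profiling only; deciding who a client is still needs a credential the server issued.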