[DMS-1875] CBAT: API response codes. Activate and Deactivate company - Workterra Jira

Details

Type: New Feature
Status: To Do
Priority: High
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: Winter 2020 CBAT Integration
Labels:
None

Company:
All Clients/Multiple Clients
Epic Link:
Integration with CBAT

Sprint:
DMS - Gap Fall & Win Sprint 3, DMS - Gap Fall & Win Sprint 4, Spring-2020 - Sprint 3, Spring-2020 - Sprint 4, Spring-2020 - Sprint 5, Spring-2020 - Sprint 6

Description

"Activate and Deactivate company" section and about API response codes. We need to differentiate when a company exists vs invalid payload content. Currently, both cases return 400 code which is not compliant with HTTP standards

Attachments

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Samir added a comment - 10/Sep/19 05:51 AM

Joris Berthelot

Show

Samir added a comment - 10/Sep/19 05:51 AM Joris Berthelot

Hide

Permalink

Rohan J Khandave (Inactive) added a comment - 10/Sep/19 06:13 AM - edited

API Details :

PUT : /api/companyStatus?isActive=true

Company account-did needs to pass into header.

As per current implementation system returning bad request code (400) in below scenarios

Account did not exists into DMS System.[This is validation in system for all API]
Company already activated / deactivated , still user want to perform same operation.
Active company with same name already exists.

We need to change status response to conflict in for point 2 & 3 scenarios only.

Note: No changes required for scenario 1.

CC – Joris Berthelot , Samir

Show

Rohan J Khandave (Inactive) added a comment - 10/Sep/19 06:13 AM - edited API Details : PUT : /api/companyStatus?isActive=true Company account-did needs to pass into header. As per current implementation system returning bad request code (400) in below scenarios Account did not exists into DMS System. [This is validation in system for all API] Company already activated / deactivated , still user want to perform same operation. Active company with same name already exists. We need to change status response to conflict in for point 2 & 3 scenarios only. Note: No changes required for scenario 1. CC – Joris Berthelot , Samir

Hide

Permalink

Joris Berthelot (Inactive) added a comment - 13/Sep/19 02:36 AM

Hi Rohan J Khandave,

I believe scenario 1 should return 404 code instead of 400. 400 would mean the request is malformed which is not the case... 404 means the resource does not exist.

However, if the account did header (or any required data) is not passed, it should return a 400 error.

Scenario 2 & 3 should, IMO, always return 200 (or 202 if the action if delayed), unless some internal error occurs and, thus should return a 5xx error.

Thanks!

Show

Joris Berthelot (Inactive) added a comment - 13/Sep/19 02:36 AM Hi Rohan J Khandave , I believe scenario 1 should return 404 code instead of 400. 400 would mean the request is malformed which is not the case... 404 means the resource does not exist. However, if the account did header (or any required data) is not passed, it should return a 400 error. Scenario 2 & 3 should, IMO, always return 200 (or 202 if the action if delayed), unless some internal error occurs and, thus should return a 5xx error. Thanks!

Hide

Permalink

Rohan J Khandave (Inactive) added a comment - 13/Sep/19 03:05 AM

Hello Joris Berthelot,

You are right , account-did is required in header. If it not passed or wrong input comes we show 400 error.

Regarding point 2 & 3 ,

We can not pass 202 because all API are synchronous in execution.
For server error we always returns 500 as status code.
You needed status code 200 even if API returns some validation message to user , please confirm this ?

Thanks,
RohanK

CC – Samir

Show

Rohan J Khandave (Inactive) added a comment - 13/Sep/19 03:05 AM Hello Joris Berthelot , You are right , account-did is required in header. If it not passed or wrong input comes we show 400 error. Regarding point 2 & 3 , We can not pass 202 because all API are synchronous in execution. For server error we always returns 500 as status code. You needed status code 200 even if API returns some validation message to user , please confirm this ? Thanks, RohanK CC – Samir

Hide

Permalink

Joris Berthelot (Inactive) added a comment - 16/Sep/19 07:18 AM

Hi Rohan J Khandave,

Could you explain "You needed status code 200 even if API returns some validation message to user , please confirm this ?"?

Maybe provide some example?

Thanks!

Show

Joris Berthelot (Inactive) added a comment - 16/Sep/19 07:18 AM Hi Rohan J Khandave , Could you explain "You needed status code 200 even if API returns some validation message to user , please confirm this ?"? Maybe provide some example? Thanks!

Hide

Permalink

Rohan J Khandave (Inactive) added a comment - 18/Sep/19 12:52 AM

Hello Joris Berthelot,

Currently API returns bad request in below scenarios

Company already activated / deactivated , still user want to perform same operation.
Active company with same name already exists.

We are changing response code from Bad Request (400) to Conflict (409) , are you fine with this ? Or you want to OK (200) status for above mentioned scenarios. So we can do changes accordingly.

Thanks,
RohanK

Show

Rohan J Khandave (Inactive) added a comment - 18/Sep/19 12:52 AM Hello Joris Berthelot , Currently API returns bad request in below scenarios Company already activated / deactivated , still user want to perform same operation. Active company with same name already exists. We are changing response code from Bad Request (400) to Conflict (409) , are you fine with this ? Or you want to OK (200) status for above mentioned scenarios. So we can do changes accordingly. Thanks, RohanK

Hide

Permalink

Joris Berthelot (Inactive) added a comment - 18/Sep/19 01:25 AM

Hi Rohan J Khandave,

PUT HTTP verb is supposed to be idempotent so if you proceed the same call multiple time, the result should be the same: always return the same success response (200) unless an error occurs.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/PUT

Applying several times the same activation state is not a conflictual IMO and should be allowed.

Does this make sense to you?

Show

Joris Berthelot (Inactive) added a comment - 18/Sep/19 01:25 AM Hi Rohan J Khandave , PUT HTTP verb is supposed to be idempotent so if you proceed the same call multiple time, the result should be the same: always return the same success response (200) unless an error occurs. https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/PUT Applying several times the same activation state is not a conflictual IMO and should be allowed. Does this make sense to you?

Hide

Permalink

Rohan J Khandave (Inactive) added a comment - 19/Sep/19 02:45 AM

Hello Joris Berthelot,

Thanks for sharing details.

We will do the changes at our end and return 200 status in below scenarios.

Activate already active company.
Deactivate already deactivate company.

There is no change in below scenarios, currently API returns Bad Request.

Company not found.
When user try to activate already deactivated and in system another active company exists with same name.

Shamooka Mohapatra , please let us know if any changes needed at your end for above changes ? if no then we can start this change at our end.

Thanks,
RohanK

Show

Rohan J Khandave (Inactive) added a comment - 19/Sep/19 02:45 AM Hello Joris Berthelot , Thanks for sharing details. We will do the changes at our end and return 200 status in below scenarios. Activate already active company. Deactivate already deactivate company. There is no change in below scenarios, currently API returns Bad Request. Company not found. When user try to activate already deactivated and in system another active company exists with same name. Shamooka Mohapatra , please let us know if any changes needed at your end for above changes ? if no then we can start this change at our end. Thanks, RohanK

Hide

Permalink

Joris Berthelot (Inactive) added a comment - 19/Sep/19 02:58 AM

Hi Rohan J Khandave,

When a company is not found, it should return 404, not 400. That's the original request of this card

When user try to activate already deactivated and in system another active company exists with same name

I'm not sure to understand what you wrote here....

Thanks!

Show

Joris Berthelot (Inactive) added a comment - 19/Sep/19 02:58 AM Hi Rohan J Khandave , When a company is not found, it should return 404, not 400. That's the original request of this card When user try to activate already deactivated and in system another active company exists with same name I'm not sure to understand what you wrote here.... Thanks!

Hide

Permalink

Rohan J Khandave (Inactive) added a comment - 19/Sep/19 04:27 AM - edited

Hello Joris Berthelot,

When user try to activate already deactivated and in system another active company exists with same name

DMS has validation , company name must be unique for active companies, system validate company names among all active companies. So when some one try to activate company system validate any other active company has same name or not.

When a company is not found, it should return 404, not 400. That's the original request of this card.

We get account did into header ,we try to validate those header value when validation fails , returns bad request. If you still want to return Not Found (404). We can take this change. But this change will get applicable for all DMS API's.

Thanks,
RohanK

Show

Rohan J Khandave (Inactive) added a comment - 19/Sep/19 04:27 AM - edited Hello Joris Berthelot , When user try to activate already deactivated and in system another active company exists with same name DMS has validation , company name must be unique for active companies, system validate company names among all active companies. So when some one try to activate company system validate any other active company has same name or not. When a company is not found, it should return 404, not 400. That's the original request of this card. We get account did into header ,we try to validate those header value when validation fails , returns bad request. If you still want to return Not Found (404). We can take this change. But this change will get applicable for all DMS API's. Thanks, RohanK

Hide

Permalink

Joris Berthelot (Inactive) added a comment - 19/Sep/19 06:46 AM - edited

Hi Rohan J Khandave,

We get account did into header ,we try to validate those header value when validation fails , returns bad request. If you still want to return Not Found (404). We can take this change. But this change will get applicable for all DMS API's.

Validation means user data input validation: if data is missing, empty, null, zero, not parseable, etc. -> return 400.

If the data format is valid but when looking up into your database, there's no match -> return 404.

This behavior should be indeed enforce on all API endpoints. There is very strong difference between "invalid input" and "missing requested resource".

DMS has validation , company name must be unique for active companies, system validate company names among all active companies. So when some one try to activate company system validate any other active company has same name or not.

This is a weird logic but why not. That case should return 409 and then we will ignore on our side meaning the company has been already deactivated.

Thanks for your patience!

Show

Joris Berthelot (Inactive) added a comment - 19/Sep/19 06:46 AM - edited Hi Rohan J Khandave , We get account did into header ,we try to validate those header value when validation fails , returns bad request. If you still want to return Not Found (404). We can take this change. But this change will get applicable for all DMS API's. Validation means user data input validation: if data is missing, empty, null, zero, not parseable, etc. -> return 400. If the data format is valid but when looking up into your database, there's no match -> return 404. This behavior should be indeed enforce on all API endpoints. There is very strong difference between "invalid input" and "missing requested resource". DMS has validation , company name must be unique for active companies, system validate company names among all active companies. So when some one try to activate company system validate any other active company has same name or not. This is a weird logic but why not. That case should return 409 and then we will ignore on our side meaning the company has been already deactivated. Thanks for your patience!

Hide

Permalink

Joris Berthelot (Inactive) added a comment - 25/Oct/19 01:36 AM

Hi Samir,

I see this card is being spilled over again and again from a sprint to another. Can we get this done asap please?

Thanks,

cc. Amrendra Kumar

Show

Joris Berthelot (Inactive) added a comment - 25/Oct/19 01:36 AM Hi Samir , I see this card is being spilled over again and again from a sprint to another. Can we get this done asap please? Thanks, cc. Amrendra Kumar

Hide

Permalink

Joris Berthelot (Inactive) added a comment - 13/Feb/20 07:29 AM

Any update on this, please?

cc Amrendra Kumar

Show

Joris Berthelot (Inactive) added a comment - 13/Feb/20 07:29 AM Any update on this, please? cc Amrendra Kumar

Hide

Permalink

Samir added a comment - 24/Feb/20 08:45 PM

Hi Joris Berthelot,

Can we have a call to discuss this. Please let me know your availability?

Regards,

Samir

Show

Samir added a comment - 24/Feb/20 08:45 PM Hi Joris Berthelot , Can we have a call to discuss this. Please let me know your availability? Regards, Samir

Hide

Permalink

Joris Berthelot (Inactive) added a comment - 14/May/20 08:06 AM

Hello,

Has this card been fixed already? Because I'm getting 404 now when a system seems to not exist. Could you confirm?

Thanks!

Show

Joris Berthelot (Inactive) added a comment - 14/May/20 08:06 AM Hello, Has this card been fixed already? Because I'm getting 404 now when a system seems to not exist. Could you confirm? Thanks!

People

Assignee:: Samir

Reporter:: Samir

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10/Sep/19 05:50 AM

Updated:: 14/May/20 08:06 AM

Time Tracking

Estimated:

Remaining:

Logged: