Re: [httpapi] RFC for HTTP API error responses (was: rfc7807 errata or just "more")
Sanjay Dalal <sanjay.dalal@cal.berkeley.edu> Mon, 18 January 2021 17:11 UTC
Return-Path: <sanjay.dalal@gmail.com>
X-Original-To: httpapi@ietfa.amsl.com
Delivered-To: httpapi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE7C13A0ADF for <httpapi@ietfa.amsl.com>; Mon, 18 Jan 2021 09:11:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.4
X-Spam-Level:
X-Spam-Status: No, score=-1.4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cal-berkeley-edu.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V0g-bWjM4VEu for <httpapi@ietfa.amsl.com>; Mon, 18 Jan 2021 09:11:54 -0800 (PST)
Received: from mail-ot1-x32a.google.com (mail-ot1-x32a.google.com [IPv6:2607:f8b0:4864:20::32a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1082A3A0AC5 for <httpapi@ietf.org>; Mon, 18 Jan 2021 09:11:54 -0800 (PST)
Received: by mail-ot1-x32a.google.com with SMTP id w3so16911481otp.13 for <httpapi@ietf.org>; Mon, 18 Jan 2021 09:11:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cal-berkeley-edu.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=57Qt2sUMDO3fGGI35RY8B8CQzs6cuURw8kIvUZM1C34=; b=aO/jlqfMRAIhxQnjz63Uy3egTBz8irp4oVjB2wZs71goQ60L8KolKG3rhmYDOFFoiT 3BIINVIfQBfxa8yNATqT/Lscw1uhOkKk00cjR95L63UgFDGqlAxzBTrFJ71XjTSjTWpZ /7VQ8iujkW5Xn+ac9f+Dzj9nJ8js/ErCQnmv7h5B+S9PNKjheiFpE+jn4qDPia8sqmSy 0itX6KFc7nnzlP5bT/7xlMp8HT4ddnGpO5LroquTwAupSDrYepkG5zmLC1bCkI7okyaC ctWsm0r/8QIzLWtl3MISuI6UW84bfNnjvMwcJPJF0RV/k6N5Yy6U2S9Xd9XHVTPIFmL3 x90Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=57Qt2sUMDO3fGGI35RY8B8CQzs6cuURw8kIvUZM1C34=; b=PoPcbKWQdEMuFt3+HDShOD14Gjmq7gnlFGcOL+8h0A1PX8nSJmp4NhDJg9jtMcy1kd Gr0PhuQp6TZlA8nII0hP/gQvUGgMZ2DogqdLdx+3qHhE244d2pCJk9CTrpk3A/ZdRgZt QrBZeNxHu03i6ZBXf7t+Xl/SCQoB6pR7t8wVDTOfF1qF48Wa8iJZCt4MoGocPDehmpcP 4fQy/FnTxUHXhm7YkCkgxQeiVv4oZO5IvjyWRokkHVckbKjkYbIzCbPgHEuDAtXczjlD PXwMcG2I0WEehoAJQOOFTjVZf7U13Lz2tSxUGodLjXTfsQHkNVJzLfcQgZA6MJS6g+em Ix7w==
X-Gm-Message-State: AOAM531Ocytu4STYyrK2HCG1E3mzrObL8utGYVXi0a/zdHfD3PGDNybb 78iWY5j1x2WDLd9AgzeYMqLPJtncQp8e4Fc8cr55h6tOY62PkQ==
X-Google-Smtp-Source: ABdhPJzcvxD2KxRzY2V2r+Cm00Xwbnpd5z78QU7gUKtJBCDthcKOVxX5fbVThIFzWeHYpBlXqSBBz2Mt9+FILDL7Ajk=
X-Received: by 2002:a9d:6751:: with SMTP id w17mr355915otm.328.1610989912826; Mon, 18 Jan 2021 09:11:52 -0800 (PST)
MIME-Version: 1.0
References: <CAC5fHGPAVBKiV81bTGpm3BwwfRT-UZw732okCA7d9TTBBwGvGQ@mail.gmail.com> <5fc6752d-f3d7-0781-6e3a-1fd99f74a9ad@beonex.com>
In-Reply-To: <5fc6752d-f3d7-0781-6e3a-1fd99f74a9ad@beonex.com>
From: Sanjay Dalal <sanjay.dalal@cal.berkeley.edu>
Date: Mon, 18 Jan 2021 09:11:41 -0800
Message-ID: <CAC5fHGOuX9cRDwisX0G66Lt8Jp8+93Nk+NyL=YfXuer6sK54LA@mail.gmail.com>
To: Ben Bucksch <news@bucksch.org>
Cc: httpapi@ietf.org
Content-Type: multipart/alternative; boundary="0000000000007da9ba05b92fd1db"
Archived-At: <https://mailarchive.ietf.org/arch/msg/httpapi/nE95G1uvO-D7ZmWEdEw7XG4R794>
Subject: Re: [httpapi] RFC for HTTP API error responses (was: rfc7807 errata or just "more")
X-BeenThere: httpapi@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Building Blocks for HTTP APIs <httpapi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/httpapi>, <mailto:httpapi-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/httpapi/>
List-Post: <mailto:httpapi@ietf.org>
List-Help: <mailto:httpapi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/httpapi>, <mailto:httpapi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jan 2021 17:11:56 -0000
Hello Ben, >I find that error responses - and more generally error handling - is severely lacking in many systems I come across, and it's causing problems during software development. Huge +1. Lack of it, increases cost of support, affects developer experience. > I wanted to propose to make a new RFC for nailling down not only the error responses, but also what information is expected in the response, and the behavioral contract. Errors should be part of the protocol and API contract. Looking forward to seeing your starting point content and collaborating with you. Hope you got a chance to look at the Error Catalog Service <https://github.com/sdatspun2/error-catalog-service> and its OpenAPI extension <https://github.com/sdatspun2/error-catalog-service/blob/master/OpenAPIExtensionForErrorType.md> . thanks, sanjay On Fri, Jan 15, 2021 at 8:08 PM Ben Bucksch <news@bucksch.org> wrote: > Hello Sanjay, hello everybody, > > thank you for bringing this up. In fact, this topic is the very reason why > I joined this mailling list and WG: I find that error responses - and more > generally error handling - is severely lacking in many systems I come > across, and it's causing problems during software development. > > I wanted to propose to make a new RFC for nailling down not only the error > responses, but also what information is expected in the response, and the > behavioral contract. Errors should be part of the protocol and API contract. > > I had written some document for my project and teams, in my role as > software architect, based on my experience, and I wanted to share that with > you as starting point for an RFC. The document I have is not suitable as > Standard document, it's an software architecture document, but I think many > of the ideas are viable to be included in the RFC. > > I would like to ask you, esp. the leaders of the WG: Would you be willing > to discuss and adopt such a new RFC? It would probably include RFC 7807, > but significantly extend it in its scope. > > Ben Bucksch > > > Am 15.01.21 um 19:32 schrieb Sanjay Dalal: > > Hello all, > > Thanks folks for providing instructions on how to provide feedback to an > RFC. This feedback is for RFC 7807 <https://tools.ietf.org/html/rfc7807>, > "Problem Details for HTTP APIs". > > I like RFC 7807. In fact, I have designed Error Catalog Service > <https://github.com/sdatspun2/error-catalog-service> such that the > problem types of RFC 7807 can be managed (CRUDL) and used in error > responses, API definition, API documentation, API testing, etc. > > However, I find that RFC 7807 omitted one very common use case in its > proposed schema for Problem Details Object > <https://tools.ietf.org/html/rfc7807#section-3.1> (section 3.1). This > use case is about reporting of multiple errors of the same problem type in > an error response. RFC suggests defining an extension for this use case. > > As you know, having multiple schema validation related errors in payload > of HTTP requests is a very common scenario for the HTTP APIs. How can we > improve the Problem Details Object schema to accommodate this common use > case? We should not expect API developers to respond with one error at a > time in the case of 400 scenarios. That would be an unpleasant developer > experience. Asking the API developers to define an extension for such a > common scenario hurts in adoption of the Problem Types. > > In my opinion, instead of the proposed singular "*instance*" property of > type string, there should be an array of *instances. *You can find what > we have done for the error response of the Error Catalog service > <https://github.com/sdatspun2/error-catalog-service/blob/master/ErrorResponseInErrorCatalog.md>.There > could be other ways. > > I have communicated with both Erik Wilde and Mark Nottingham about this > issue. Both of them are open to discussing a revision under this WG if > the group thinks it is necessary. Would love to get your comments, > opinions, approaches and suggestions. > > thanks and regards, > sanjay > > > > I am not too familiar with the process to comment an RFC but is there > in general > a form where I can provide written feedback to existing specifications > or is > this done through this mailing list? > > >On Sat, Jan 9, 2021 at 9:40 AM Salz, Rich <rsalz= > 40akamai.com@dmarc.ietf.org> wrote: > RFC's are published documents, not drafts; the name "request for comments" > is a node to IETF history. How to provide feedback on published RFC's > depends on the amount and nature of feedback. If you have a well-contained > technical error, you want to report an "errata" against the RFC. If it's > more philosophical or just "more", it might be better to find the WG that > published the RFC and post to that mailing list (see above). > > > -- > httpapi mailing list > httpapi@ietf.org > https://www.ietf.org/mailman/listinfo/httpapi >
- [httpapi] rfc7807 errata or just "more" Sanjay Dalal
- [httpapi] RFC for HTTP API error responses (was: … Ben Bucksch
- Re: [httpapi] RFC for HTTP API error responses (w… Salz, Rich
- Re: [httpapi] rfc7807 errata or just "more" Darrel Miller
- Re: [httpapi] rfc7807 errata or just "more" Sanjay Dalal
- Re: [httpapi] RFC for HTTP API error responses (w… Sanjay Dalal
- Re: [httpapi] RFC for HTTP API error responses (w… Darrel Miller
- Re: [httpapi] rfc7807 errata or just "more" Darrel Miller
- Re: [httpapi] rfc7807 errata or just "more" Roberto Polli
- Re: [httpapi] rfc7807 errata or just "more" Sanjay Dalal
- Re: [httpapi] rfc7807 errata or just "more" Roberto Polli