validation - What comes first: Permission or validity check? -
i building rest api , cannot decide check first: input validity or permissions. imagine user tries post invalid date endpoint not allowed access. should response 403 unauthorized
or 400 bad request
?
furthermore: there "official" spec describes , reasons why 1 lean 1 or other?
Comments
Post a Comment