Which HTTP status code to say username or password were incorrect?

If you use HTTP authentication as defined by RFC 7235, 401 would be correct (for missing or incorrect credentials). Howewer you have to implement WWW-Authenticate header field. Otherwise, use RFC 7231 6.5.3. 403 Forbidden. Note though that 404 is also applicable as per the above link: An origin server that wishes to “hide” the current …

Read more

Authorization in RESTful HTTP API, 401 WWW-Authenticate

To answer your questions: How to deal with unauthorized requests? The way you described it is pretty much the recommended way for a RESTful service. As far as I can see there is absolutely nothing wrong with that. What WWW-Authenticate header should 401 responses supply? In general the WWW-Authenticate header tells the client what kind …

Read more

Http Status Code in Android Volley when error.networkResponse is null

Or, how can I ensure error.networkResponse is non-null in onErrorResponse? My first thought would be to check if the object is null. @Override public void onErrorResponse(VolleyError error) { NetworkResponse networkResponse = error.networkResponse; if (networkResponse != null && networkResponse.statusCode == HttpStatus.SC_UNAUTHORIZED) { // HTTP Status Code: 401 Unauthorized } } Alternatively, you could also try grabbing …

Read more