Graphene: HTTP Status 200 when a mutation fails
I'm using graphene.contrib.django
If I raise an exception inside a mutation's mutate_and_get_payload() (e.g. because of a failed data validation), the resulting http response's code is 200 (OK). I'd expect 400 (Bad request).
vam
All 5 comments
As far as I can tell from the GraphQL spec there is no discussion of http response codes at all. The status codes of HTTP are strongly tied to rest principles. It's not clear to me whether GraphQL APIs should distinguish between 2XX and 4XX status codes.
Most notably, you can batch multiple mutations into the same request to the server. If one successfully creates a resource (201), one mutates a resource (200), one fails validation (400) and another the target object does not exists (404), what should the return value from the API be?
At the moment, GraphQL APIs seem to err on the side of 200 unless the server blows up, in which case 500.
mjtamlyn
on 24 May 2016
Thank you for your answer. I'm convinced.
vam
on 1 Jun 2016
@mjtamlyn I agree with you.
However, sometimes you want to send a 401 Unauthorized or a 403 Forbidden. Under these circumstances, graphene should send a 401/403 HTTP status.
helpse
on 25 Jul 2018
@helpse I think HTTP status code represents the status of the HTTP response itself, but not something related to the GraphQL query in the payload of the HTTP request. The request is handled perfectly by the server, that's what 200 means. And the errors in the queries? It's GraphQL's business to point them out in the response content, but not somewhere else which should be controlled by the Web Server itself. After all, the GraphQL query is only handled by only an endpoint of the server. And I think it's one of the disadvantages of GraphQL against RESTful.
lsdsjy
on 26 Jan 2019
I understood that GraphQL doesn't care of the http codes but I have not found the way that Graphene return "extensions" in errors responses like in others
{
"errors":[
{
"message":"Authentication failure!!",
"locations":[{"line":2,"column":3}],
"path":["me"]
}
],
"data":
{
"me":null
}
}
with key "extensions":
{
"errors": [
{
"message": "Name for character with ID 1002 could not be fetched.",
"locations": [ { "line": 6, "column": 7 } ],
"path": [ "hero", "heroFriends", 1, "name" ],
"extensions": {
"code": "CAN_NOT_FETCH_BY_ID",
"timestamp": "Fri Feb 9 14:33:09 UTC 2018"
}
}
]
}
I rise exceptions with GraphQLError:
class Query(graphene.ObjectType):
me = graphene.Field(UserType)
def resolve_me(root, info):
user = info.context.user
if user.is_anonymous:
raise GraphQLError('Authentication failure!!')
return user
is it supported?
thanks.
lovecrafteolin
on 29 Jan 2020
Related issues
dfee
路
4Comments
mraak
路
3Comments
lincolnq
路
3Comments
japrogramer
路
4Comments
Glyphack
路
3Comments
Most helpful comment
As far as I can tell from the GraphQL spec there is no discussion of http response codes at all. The status codes of HTTP are strongly tied to rest principles. It's not clear to me whether GraphQL APIs should distinguish between 2XX and 4XX status codes.
Most notably, you can batch multiple mutations into the same request to the server. If one successfully creates a resource (201), one mutates a resource (200), one fails validation (400) and another the target object does not exists (404), what should the return value from the API be?
At the moment, GraphQL APIs seem to err on the side of 200 unless the server blows up, in which case 500.