3 years ago

In which order should authentication, 404s, etc be checked?

Posted 3 years ago by audunru

For my API, a request like update will have the following checks before the database is updated:

  • authentication (is the user a valid user)
  • 404 (does the thing the user wants to update exist)
  • authorization (is the user authorized to update the ting)
  • validation (are the parameters in the request valid)

In which order should I check for these?

Checking for authentication first seems OK to me, but after that I'm a little undecided about the best way to handle errors.

Please sign in or create an account to participate in this conversation.