Say a REST client is logged in and attempts to register, in which case the server ignores the request. What status should be returned here?
I would return one of the following, as is not a Success request (2xx), redirection (3xx) or Error (5xx):
400 (Bad Request)
400 is the generic client-side error status, used when no other 4xx error code is appropriate. Errors can be like malformed request syntax, invalid request message parameters, or deceptive request routing etc.The client SHOULD NOT repeat the request without modifications.
or
422 Unprocessable Entity
The 422 (Unprocessable Entity) status code means the server understands the content type of the request entity (hence a 415(Unsupported Media Type) status code is inappropriate), and the syntax of the request entity is correct (thus a 400 (Bad Request) status code is inappropriate) but was unable to process the contained instructions.
But is up to you. This assuming that the client sends in the request the Token/Bearer to be logged in and try to do a 'valid' request to the /registration endpoint.
Hope it helps!