Which HTTP status to return on domain data error?

Question

I'm developing a RESTful application that integrates with other webservices.

My question is, which HTTP status should I return if my client posts data that is invalid for one of those webservices? For example, if it posts a name that is invalid for a webservice that my application uses, which of the 4** status codes should I return, considering it's a user input error?

Some considerations I've made, and why I'm not comfortable of using them:

• 400: The data is invalid, but not the request format itself
• 403: The server is not refusing to respond, although the data is invalid
• 406: The error is in a provided parameter, not in the "accept" header
• 412: The error has nothing to do with "If-Match" header

So, what would you use in this case?

Answer 1

In real life, HTTP status codes for REST and other web services can be vague and hard to clearly specify. Things also get interesting if your client is actually talking to a proxy server and that proxy sends back its own status. If there's a problem in your web service (perhaps below your app) you may just get 500.

In the past I would opt for returning 200 and using your own JSON-or-whatever structure for returning error information for your client.