|
Error handlingOne simple rule:
You must catch such exceptions and deal with them properly. Error ResponsesThe body of HTTP 4xx response contains JSON-encoded dictionary with the details about the error. Each dictionary has at least the message key, which holds the error description intended for the developer to read. "error" and "reason" fieldsIn most cases Error Responses will also contain the error key with the generic code of the thrown error. The list of possible error values is described below. Note that we may introduce new codes in the future.For some error codes we may provide an additional reason key. Note that one reason can be used with different error codes. Most reason values will be described in the documentation of specific methods, although some common cases are listed below. Possible error values:
Only param_forbidden and object_* errors are explicitly documented in each method. However, other error values may still be present in the documentation if the method provides some additional keys. Possible reason codes for *_forbidden errors:
"user_messages" fieldSome methods are designed to process data from the user-supplied forms. If such form cannot be submitted for any reason (e.g. the data fails validation), then - as you may expect - the method will return a HTTP 400 response. Now, you may wonder: As a front-end developer, should you validate the data before you submit it to the API? The answer is NO. Usually, there's no reason for you to validate the data, which needs to be validated on the server anyway. Most well-designed API methods will perform the validation and return its results to you, so you can display the validation errors to the user. This is done with the user_messages field. If you ever find this field in the HTTP 400 response, then you should probably parse it's contents, and display them to the user. user_messages is a dictionary, and currently it may contain two keys (usually only one of them, not both):
Examples: { "message": "Access denied - spam prevention lock.", "user_messages": { "generic_message": { "en": "You have sent over a 100 messages in the last hour. " + "You must wait before you can send another one." "pl": "W przeciągu ostatniej godziny wysłałeś ponad 100 " + "wiadomości. Musisz poczekać, zanim pozwolimy Ci wysłać " + "kolejną." }, }, } { "message": "Required parameter fac_id is missing.", "error": "param_missing" "param_name": "fac_id", "user_messages": { "fields": { "fac_id": { "en": "This field is required.", "pl": "To pole jest wymagane." } } }, } { "message": "Multiple errors in the user-supplied form.", "user_messages": { "fields": { "fac_id": { "en": "This field is required.", "pl": "To pole jest wymagane." }, "course_id": { "en": "Course no longer conducted. Select another.", "pl": "Ten przedmiot nie jest już prowadzony. Wybierz inny." } } }, } HTTP 401 UnauthorizedOnce your application is deployed, this is surely the most frequent kind of error you will get. It occurs whenever the Access Token expires. (It may occur in some other situations, but this is the one situation which you should actually expect.) When does it happen:
This is very similar to a cookie/session expiration, which is a common issue for web applications and should be dealt with in a similar way. Usually it looks like this:
Note, that from the user's perspective nothing happened - he sent a request to your application, received two or three redirects (which he did not see), and got the page he initially wanted. Important: You must be prepared for a situation, that the new Access Token you receive above might by actually authorized by other user than you expect. It's not so hard to imagine this scenario: User logs out of USOS account, but does not close his browser - Access Tokens expire in such case, but your session data (based on a HTTP cookie) might be left intact! HTTP 400 Bad RequestThese types of errors are usually caused by an error on your part. You will probably get them frequently during development, but should get rid of most of them before your app is deployed. The most common causes for HTTP 400 error include:
Unless you're really sure your application is bug-free, you should catch such errors in production environment and mail them to yourself, for future debugging. HTTP 500 Internal Server ErrorThese types of errors are caused by an error on USOS API part. They should never happen. In case of its appearance, we will respond to it immediately. JSON-encoded dictionary with details about this error will be returned in one particular situation. If user with ID extracted from Access Token does not exist, an error with key object_not_found, key message and HTTP 500 status will be thrown. Invalid consumer / signatureOne more type of error is worth mentioning: If you use a invalid Consumer Key or sign your request with invalid signature, you will receive a HTTP 401 Unauthorized error. Once you have OAuth worked out though, you shouldn't see this error anymore. |