Authentication failure error messages
Endpoints that return elements
For endpoints that return elements, when a given resource does not exist, Cloud API throws a NotFoundException with a user message similar to "No resource was found at path...". When a given resource does exist, but the user lacks sufficient resource access, Cloud API throws the same exception with the same user message. This approach is considered to be more secure as it prevents malicious callers from being able to verify the existence of data that they are not authorized to access.
For example, suppose a user executes GET /activities/xc:20, and suppose activity xc:20 exists but the user lacks sufficient resource access. The following error is returned:
{
  "status": 404,
  "errorCode": "gw.api.rest.exceptions.NotFoundException",
  "userMessage": "No resource was found at path /activities/xc:20"
}
Endpoints that return collections
For endpoints that return collections, Cloud API returns all resources that meet the criteria and for which the user has sufficient resource access. If a resource exists, but the user lacks sufficient resource access, Cloud API omits it from the results. This approach is considered to be more secure as it prevents malicious callers from being able to verify the existence of data that they are not authorized to access.
For example, suppose a user executes GET /activities. Also, suppose that there are three activities in the database: xc:10, xc:20, and xc:30. The user has sufficient resource access to view xc:10 and xc:30, but not xc:20. The call returns the following:
{
  "count": 2,
  "data": [
    {
      "attributes": {
        "id": "xc:10",
        ... },
      ...
    },
    {
      "attributes": {
        "id": "xc:30",
        ... },
      ...
    }
  ],
  "links": { ... }
}
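The two behaviors described above (the identical 404 for element endpoints and the filtered collection) can be sketched as follows. This is an added example, not Guidewire Cloud API code; the function names, the in-memory store and the access list are assumptions made for illustration.

```python
# Added illustration; not Guidewire Cloud API code. All names and data are constructed.
ACTIVITIES = {"xc:10": {"subject": "Call insured"},
              "xc:20": {"subject": "Review claim"},
              "xc:30": {"subject": "Send letter"}}
# Constructed access list: which activity ids each user may read.
ACCESS = {"alice": {"xc:10", "xc:30"}}


def _not_found(path):
    # Built only from the caller-supplied path, never from the stored record,
    # so the body cannot differ between "missing" and "not permitted".
    return {"status": 404,
            "errorCode": "gw.api.rest.exceptions.NotFoundException",
            "userMessage": f"No resource was found at path {path}"}


def _can_read(user, activity_id):
    return activity_id in ACCESS.get(user, set())


def get_activity(user, activity_id):
    """Element endpoint: one response for both missing and unauthorized ids."""
    path = f"/activities/{activity_id}"
    record = ACTIVITIES.get(activity_id)
    if record is None or not _can_read(user, activity_id):
        return _not_found(path)
    return {"data": {"attributes": {"id": activity_id, **record}}}


def list_activities(user):
    """Collection endpoint: filter first, then count what is left."""
    visible = [{"attributes": {"id": aid, **rec}}
               for aid, rec in sorted(ACTIVITIES.items())
               if _can_read(user, aid)]
    # count is taken after filtering; a pre-filter total would reveal xc:20.
    return {"count": len(visible), "data": visible}


def responses_indistinguishable(user, hidden_id, missing_id):
    """Regression check: the two 404 bodies match once the id is normalized."""
    a, b = get_activity(user, hidden_id), get_activity(user, missing_id)
    b = dict(b, userMessage=b["userMessage"].replace(missing_id, hidden_id))
    return a == b
```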