Init/data returns records without login — how to fully lock it down?

If a 400 error is a bad request, would a not-authorized call be a 400 error? Like if I use an API token in the app and my call doesn't have an Authorization header, is that what a 400 error is? Or is a 400 error when I select GET but it should be PUT?

None of them.

400 Bad Request: e.g. wrong JSON or missing required parameters.

401 Unauthorized.

405: wrong method.

At worst, I could consider a 403 for forbidden. That could make sense in this context.

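The status-code mapping from the answer above, as an added worked example that is not from this thread or from Bubble: a minimal request classifier with constructed tokens and an assumed check order (method, then credentials, then permission, then body), so a call with no Authorization header gets 401 rather than 400, and a GET against a PUT-only route gets 405.

```python
import json

# Constructed, hypothetical tokens for this example only (not real credentials).
VALID_TOKENS = {
    "reader-token": {"read"},
    "writer-token": {"read", "write"},
}

# Which scope each verb needs on this hypothetical endpoint.
SCOPE_FOR_METHOD = {"GET": "read", "PUT": "write"}


def classify_request(method, headers, body, allowed_methods=("GET", "PUT")):
    """Return the HTTP status an endpoint should answer with.

    Check order (an assumption for this example): verb, credentials,
    permission, request body. Denying before the body is parsed means an
    anonymous caller learns nothing about what a valid request looks like.
    """
    if method not in allowed_methods:
        return 405  # wrong verb, e.g. GET on a PUT-only route

    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401  # no credentials presented at all
    scopes = VALID_TOKENS.get(auth[len("Bearer "):])
    if scopes is None:
        return 401  # credentials presented but not recognised

    if SCOPE_FOR_METHOD[method] not in scopes:
        return 403  # authenticated, but not allowed to do this

    if method == "PUT":
        try:
            payload = json.loads(body or "")
        except json.JSONDecodeError:
            return 400  # malformed JSON
        if "location" not in payload:
            return 400  # required parameter missing
    return 200
```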

Maybe. And I just don't really understand how Bubble works. Like if you go to this link: https://bookpilot.co/api/1.1/init/data?location=https://xxx/1756813939720x797068929125331000, it returns (returning this passed some tests in the earlier run), but if you go to https://bookpilot.co/api/1.1/init/data?location=https://xxx/xxx/1756813939720x797068929125331000, it'll return something. And the location URLs are both even fake, not real pages in my app.

Just a follow-up on this question: we ended up rebuilding everything with Next.js and passed the security review in just one round. Everything is much easier to configure after we moved out of Bubble…