Let's say that we have the following REST call:
GET api/companies/5
(get company with id 5)
If company '5' doesn't exist, we would typically return a 404 Not Found
response.
But now, let's take this call:
GET api/companies/5/invoices/10
(get invoice 10 from company 5)
Now, if company '5' doesn't exist, do we still return a 404 Not Found
? Or should a 404 only be returned if the outer most resource can not be found (invoice 10, in this case).
Would Bad Request
perhaps be a better option?
404 is your best response. According the HTTP RFC, http://www.ietf.org/rfc/rfc2616.txt, a 400 Bad Request means:
The request could not be understood by the server due to malformed syntax.
Whereas, a 404 states:
The server has not found anything matching the Request-URI.
The entire URI is your resource identifier, and you're not finding a matching resource for that particular identifier.
404 may cause a confusion - is the resource missing or is the actual URL incorrect?
I'd personally go for the 422
code:
The 422 (Unprocessable Entity) status code means the server
understands the content type of the request entity (hence a
415(Unsupported Media Type) status code is inappropriate), and the
syntax of the request entity is correct (thus a 400 (Bad Request)
status code is inappropriate) but was unable to process the contained
instructions. For example, this error condition may occur if an XML
request body contains well-formed (i.e., syntactically correct), but
semantically erroneous, XML instructions.