< draft-ietf-httpapi-rfc7807bis-00.txt   draft-ietf-httpapi-rfc7807bis-01.txt >
Network Working Group M. Nottingham HTTPAPI M. Nottingham
Internet-Draft Internet-Draft
Obsoletes: 7807 (if approved) E. Wilde Obsoletes: 7807 (if approved) E. Wilde
Intended status: Standards Track Intended status: Standards Track
Expires: 16 October 2021 S. Dalal Expires: 16 April 2022 S. Dalal
14 April 2021 13 October 2021
Problem Details for HTTP APIs Problem Details for HTTP APIs
draft-ietf-httpapi-rfc7807bis-00 draft-ietf-httpapi-rfc7807bis-01
Abstract Abstract
This document defines a "problem detail" as a way to carry machine- This document defines a "problem detail" as a way to carry machine-
readable details of errors in a HTTP response to avoid the need to readable details of errors in a HTTP response to avoid the need to
define new error response formats for HTTP APIs. define new error response formats for HTTP APIs.
Discussion Venues Discussion Venues
This note is to be removed before publishing as an RFC. This note is to be removed before publishing as an RFC.
skipping to change at page 1, line 41 skipping to change at page 1, line 41
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 16 October 2021. This Internet-Draft will expire on 16 April 2022.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 20 skipping to change at page 2, line 20
extracted from this document must include Simplified BSD License text extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License. provided without warranty as described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . 4
3. The Problem Details JSON Object . . . . . . . . . . . . . . . 4 3. The Problem Details JSON Object . . . . . . . . . . . . . . . 4
3.1. Members of a Problem Details Object . . . . . . . . . . . 5 3.1. Members of a Problem Details Object . . . . . . . . . . . 5
3.2. Extension Members . . . . . . . . . . . . . . . . . . . . 6 3.1.1. "type" . . . . . . . . . . . . . . . . . . . . . . . 5
4. Defining New Problem Types . . . . . . . . . . . . . . . . . 7 3.1.2. "status" . . . . . . . . . . . . . . . . . . . . . . 6
4.1. Example . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.1.3. "title" . . . . . . . . . . . . . . . . . . . . . . . 7
4.2. Predefined Problem Types . . . . . . . . . . . . . . . . 8 3.1.4. "detail" . . . . . . . . . . . . . . . . . . . . . . 7
5. Security Considerations . . . . . . . . . . . . . . . . . . . 9 3.1.5. "instance" . . . . . . . . . . . . . . . . . . . . . 7
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 3.2. Extension Members . . . . . . . . . . . . . . . . . . . . 8
6.1. application/problem+json . . . . . . . . . . . . . . . . 9 4. Defining New Problem Types . . . . . . . . . . . . . . . . . 8
6.2. application/problem+xml . . . . . . . . . . . . . . . . . 10 4.1. Example . . . . . . . . . . . . . . . . . . . . . . . . . 9
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 4.2. Registered Problem Types . . . . . . . . . . . . . . . . 10
7.1. Normative References . . . . . . . . . . . . . . . . . . 11 4.2.1. about:blank . . . . . . . . . . . . . . . . . . . . . 11
7.2. Informative References . . . . . . . . . . . . . . . . . 12 5. Security Considerations . . . . . . . . . . . . . . . . . . . 11
Appendix A. HTTP Problems and XML . . . . . . . . . . . . . . . 13 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
Appendix B. Using Problem Details with Other Formats . . . . . . 15 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 16 7.1. Normative References . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16 7.2. Informative References . . . . . . . . . . . . . . . . . 13
Appendix A. JSON Schema for HTTP Problems . . . . . . . . . . . 14
Appendix B. HTTP Problems and XML . . . . . . . . . . . . . . . 15
Appendix C. Using Problem Details with Other Formats . . . . . . 17
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18
1. Introduction 1. Introduction
HTTP [RFC7230] status codes are sometimes not sufficient to convey HTTP [HTTP] status codes are sometimes not sufficient to convey
enough information about an error to be helpful. While humans behind enough information about an error to be helpful. While humans behind
Web browsers can be informed about the nature of the problem with an Web browsers can be informed about the nature of the problem with an
HTML [HTML5] response body, non-human consumers of so-called "HTTP HTML [HTML5] response body, non-human consumers of so-called "HTTP
APIs" are usually not. APIs" are usually not.
This specification defines simple JSON [RFC7159] and XML [XML] This specification defines simple JSON [RFC8259] and XML [XML]
document formats to suit this purpose. They are designed to be document formats to suit this purpose. They are designed to be
reused by HTTP APIs, which can identify distinct "problem types" reused by HTTP APIs, which can identify distinct "problem types"
specific to their needs. specific to their needs.
Thus, API clients can be informed of both the high-level error class Thus, API clients can be informed of both the high-level error class
(using the status code) and the finer-grained details of the problem (using the status code) and the finer-grained details of the problem
(using one of these formats). (using one of these formats).
For example, consider a response that indicates that the client's For example, consider a response that indicates that the client's
account doesn't have enough credit. The 403 Forbidden status code account doesn't have enough credit. The 403 Forbidden status code
skipping to change at page 3, line 29 skipping to change at page 3, line 33
problem (e.g., "out of credit") with a URI [RFC3986]; HTTP APIs can problem (e.g., "out of credit") with a URI [RFC3986]; HTTP APIs can
do this by nominating new URIs under their control, or by reusing do this by nominating new URIs under their control, or by reusing
existing ones. existing ones.
Additionally, problem details can contain other information, such as Additionally, problem details can contain other information, such as
a URI that identifies the specific occurrence of the problem a URI that identifies the specific occurrence of the problem
(effectively giving an identifier to the concept "The time Joe didn't (effectively giving an identifier to the concept "The time Joe didn't
have enough credit last Thursday"), which can be useful for support have enough credit last Thursday"), which can be useful for support
or forensic purposes. or forensic purposes.
The data model for problem details is a JSON [RFC7159] object; when The data model for problem details is a JSON [RFC8259] object; when
formatted as a JSON document, it uses the "application/problem+json" formatted as a JSON document, it uses the "application/problem+json"
media type. Appendix A defines how to express them in an equivalent media type. Appendix B defines how to express them in an equivalent
XML format, which uses the "application/problem+xml" media type. XML format, which uses the "application/problem+xml" media type.
Note that problem details are (naturally) not the only way to convey Note that problem details are (naturally) not the only way to convey
the details of a problem in HTTP; if the response is still a the details of a problem in HTTP; if the response is still a
representation of a resource, for example, it's often preferable to representation of a resource, for example, it's often preferable to
accommodate describing the relevant details in that application's accommodate describing the relevant details in that application's
format. Likewise, in many situations, there is an appropriate HTTP format. Likewise, in many situations, there is an appropriate HTTP
status code that does not require extra detail to be conveyed. status code that does not require extra detail to be conveyed.
Instead, the aim of this specification is to define common error Instead, the aim of this specification is to define common error
formats for those applications that need one, so that they aren't formats for those applications that need one, so that they aren't
required to define their own, or worse, tempted to redefine the required to define their own, or worse, tempted to redefine the
semantics of existing HTTP status codes. Even if an application semantics of existing HTTP status codes. Even if an application
chooses not to use it to convey errors, reviewing its design can help chooses not to use it to convey errors, reviewing its design can help
guide the design decisions faced when conveying errors in an existing guide the design decisions faced when conveying errors in an existing
format. format.
2. Requirements 2. Requirements
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
document are to be interpreted as described in [RFC2119]. "OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. The Problem Details JSON Object 3. The Problem Details JSON Object
The canonical model for problem details is a JSON [RFC7159] object. The canonical model for problem details is a JSON [RFC8259] object.
When serialized as a JSON document, that format is identified with When serialized as a JSON document, that format is identified with
the "application/problem+json" media type. the "application/problem+json" media type.
For example, an HTTP response carrying JSON problem details: For example, an HTTP response carrying JSON problem details:
HTTP/1.1 403 Forbidden HTTP/1.1 403 Forbidden
Content-Type: application/problem+json Content-Type: application/problem+json
Content-Language: en Content-Language: en
skipping to change at page 5, line 12 skipping to change at page 5, line 12
The ability to convey problem-specific extensions allows more than The ability to convey problem-specific extensions allows more than
one problem to be conveyed. For example: one problem to be conveyed. For example:
HTTP/1.1 400 Bad Request HTTP/1.1 400 Bad Request
Content-Type: application/problem+json Content-Type: application/problem+json
Content-Language: en Content-Language: en
{ {
"type": "https://example.net/validation-error", "type": "https://example.net/validation-error",
"title": "Your request parameters didn't validate.", "title": "Your request parameters didn't validate.",
"invalid-params": [ { "invalid_params": [ {
"name": "age", "name": "age",
"reason": "must be a positive integer" "reason": "must be a positive integer"
}, },
{ {
"name": "color", "name": "color",
"reason": "must be 'green', 'red' or 'blue'"} "reason": "must be 'green', 'red' or 'blue'"}
] ]
} }
Note that this requires each of the subproblems to be similar enough Note that this requires each of the subproblems to be similar enough
to use the same HTTP status code. If they do not, the 207 (Multi- to use the same HTTP status code. If they do not, the 207 (Multi-
Status) [RFC4918] code could be used to encapsulate multiple status Status) code [RFC4918] could be used to encapsulate multiple status
messages. messages.
3.1. Members of a Problem Details Object 3.1. Members of a Problem Details Object
A problem details object can have the following members: Problem detail objects can have the following members. If the type
of a member's value does not match the specified type, the member
MUST be ignored -- i.e., processing will continue as if the member
had not been present.
* "type" (string) - A URI reference [RFC3986] that identifies the 3.1.1. "type"
problem type. This specification encourages that, when
dereferenced, it provide human-readable documentation for the
problem type (e.g., using HTML [HTML5]). When this member is not
present, its value is assumed to be "about:blank".
* "title" (string) - A short, human-readable summary of the problem The "type" member is a JSON string containing a URI reference
type. It SHOULD NOT change from occurrence to occurrence of the [RFC3986] that identifies the problem type. Consumers MUST use the
problem, except for purposes of localization (e.g., using "type" URI (after resolution, if necessary) as the primary identifier
proactive content negotiation; see [RFC7231], Section 3.4). for the problem type.
* "status" (number) - The HTTP status code ([RFC7231], Section 6) When this member is not present, its value is assumed to be
generated by the origin server for this occurrence of the problem. "about:blank".
* "detail" (string) - A human-readable explanation specific to this If the type URI is a locator (e.g., those with a "http" or "https"
occurrence of the problem. scheme), dereferencing it SHOULD provide human-readable documentation
for the problem type (e.g., using HTML [HTML5]). However, consumers
SHOULD NOT automatically dereference the type URI, unless they do so
in the course of providing information to developers (e.g., when a
debugging tool is in use).
* "instance" (string) - A URI reference that identifies the specific When "type" contains a relative URI, it is resolved relative to the
occurrence of the problem. It may or may not yield further document's base URI, as per [RFC3986], Section 5. However, using
information if dereferenced. relative URIs can cause confusion, and they might not be handled
correctly by all implementations.
Consumers MUST use the "type" string as the primary identifier for For example, if the two resources "https://api.example.org/foo/
the problem type; the "title" string is advisory and included only bar/123" and "https://api.example.org/widget/456" both respond with a
for users who are not aware of the semantics of the URI and do not "type" equal to the relative URI reference "example-problem", when
have the ability to discover them (e.g., offline log analysis). resolved they will identify different resources
Consumers SHOULD NOT automatically dereference the type URI. ("https://api.example.org/foo/bar/example-problem" and
"https://api.example.org/widget/example-problem" respectively). As a
result, it is RECOMMENDED that absolute URIs be used in "type" when
possible, and that when relative URIs are used, they include the full
path (e.g., "/types/123").
The type URI can also be a non-resolvable URI. For example, the tag
URI scheme [RFC4151] can be used to uniquely identify problem types:
tag:mnot@mnot.net,2021-09-17:OutOfLuck
Non-resolvable URIs ought not be used when there is some future
possibility that it might become desireable to do so. For example,
if the URI above were used in an API and later a tool was adopted
that resolves type URIs to discover information about the error,
taking advantage of that capability would require switching to a
resolvable URI, thereby creating a new identity for the problem type
and thus introducing a breaking change.
3.1.2. "status"
The "status" member is a JSON number indicating the HTTP status code
([HTTP], Section 15) generated by the origin server for this
occurrence of the problem.
The "status" member, if present, is only advisory; it conveys the The "status" member, if present, is only advisory; it conveys the
HTTP status code used for the convenience of the consumer. HTTP status code used for the convenience of the consumer.
Generators MUST use the same status code in the actual HTTP response, Generators MUST use the same status code in the actual HTTP response,
to assure that generic HTTP software that does not understand this to assure that generic HTTP software that does not understand this
format still behaves correctly. See Section 5 for further caveats format still behaves correctly. See Section 5 for further caveats
regarding its use. regarding its use.
Consumers can use the status member to determine what the original Consumers can use the status member to determine what the original
status code used by the generator was, in cases where it has been status code used by the generator was, in cases where it has been
changed (e.g., by an intermediary or cache), and when message bodies changed (e.g., by an intermediary or cache), and when message bodies
persist without HTTP information. Generic HTTP software will still persist without HTTP information. Generic HTTP software will still
use the HTTP status code. use the HTTP status code.
3.1.3. "title"
The "title" member is a JSON string containing a short, human-
readable summary of the problem type.
It SHOULD NOT change from occurrence to occurrence of the problem,
except for purposes of localization (e.g., using proactive content
negotiation; see [HTTP], Section 12.1).
The "title" string is advisory and included only for users who are
not aware of the semantics of the URI and do not have the ability to
discover them (e.g., offline log analysis).
3.1.4. "detail"
The "detail" member is a JSON string containing a human-readable
explanation specific to this occurrence of the problem.
The "detail" member, if present, ought to focus on helping the client The "detail" member, if present, ought to focus on helping the client
correct the problem, rather than giving debugging information. correct the problem, rather than giving debugging information.
Consumers SHOULD NOT parse the "detail" member for information; Consumers SHOULD NOT parse the "detail" member for information;
extensions are more suitable and less error-prone ways to obtain such extensions are more suitable and less error-prone ways to obtain such
information. information.
Note that both "type" and "instance" accept relative URIs; this means 3.1.5. "instance"
that they must be resolved relative to the document's base URI, as
per [RFC3986], Section 5. The "instance" member is a JSON string containing a URI reference
that identifies the specific occurrence of the problem.
When the "instance" URI is dereferenceable, the problem details
object can be fetched from it. It might also return information
about the problem occurrence in other formats through use of
proactive content negotiation (see [HTTP], Section 12.5.1).
When the "instance" URI is not dereferenceable, it serves as a unique
identifier for the problem occurrence that may be of significance to
the server, but is opaque to the client.
When "instance" contains a relative URI, it is resolved relative to
the document's base URI, as per [RFC3986], Section 5. However, using
relative URIs can cause confusion, and they might not be handled
correctly by all implementations.
For example, if the two resources "https://api.example.org/foo/
bar/123" and "https://api.example.org/widget/456" both respond with
an "instance" equal to the relative URI reference "example-instance",
when resolved they will identify different resources
("https://api.example.org/foo/bar/example-instance" and
"https://api.example.org/widget/example-instance" respectively). As
a result, it is RECOMMENDED that absolute URIs be used in "instance"
when possible, and that when relative URIs are used, they include the
full path (e.g., "/instances/123").
3.2. Extension Members 3.2. Extension Members
Problem type definitions MAY extend the problem details object with Problem type definitions MAY extend the problem details object with
additional members. additional members.
For example, our "out of credit" problem above defines two such For example, our "out of credit" problem above defines two such
extensions -- "balance" and "accounts" to convey additional, problem- extensions -- "balance" and "accounts" to convey additional, problem-
specific information. specific information.
skipping to change at page 7, line 36 skipping to change at page 9, line 14
Finally, an application might have a more appropriate way to carry an Finally, an application might have a more appropriate way to carry an
error in a format that it already defines. Problem details are error in a format that it already defines. Problem details are
intended to avoid the necessity of establishing new "fault" or intended to avoid the necessity of establishing new "fault" or
"error" document formats, not to replace existing domain-specific "error" document formats, not to replace existing domain-specific
formats. formats.
That said, it is possible to add support for problem details to That said, it is possible to add support for problem details to
existing HTTP APIs using HTTP content negotiation (e.g., using the existing HTTP APIs using HTTP content negotiation (e.g., using the
Accept request header to indicate a preference for this format; see Accept request header to indicate a preference for this format; see
[RFC7231], Section 5.3.2). [HTTP], Section 12.5.1).
New problem type definitions MUST document: New problem type definitions MUST document:
1. a type URI (typically, with the "http" or "https" scheme), 1. a type URI (typically, with the "http" or "https" scheme),
2. a title that appropriately describes it (think short), and 2. a title that appropriately describes it (think short), and
3. the HTTP status code for it to be used with. 3. the HTTP status code for it to be used with.
Problem type definitions MAY specify the use of the Retry-After Problem type definitions MAY specify the use of the Retry-After
response header ([RFC7231], Section 7.1.3) in appropriate response header ([HTTP], Section 10.2.3) in appropriate
circumstances. circumstances.
A problem's type URI SHOULD resolve to HTML [HTML5] documentation A problem's type URI SHOULD resolve to HTML [HTML5] documentation
that explains how to resolve the problem. that explains how to resolve the problem.
A problem type definition MAY specify additional members on the A problem type definition MAY specify additional members on the
problem details object. For example, an extension might use typed problem details object. For example, an extension might use typed
links [RFC5988] to another resource that can be used by machines to links [RFC8288] to another resource that can be used by machines to
resolve the problem. resolve the problem.
If such additional members are defined, their names SHOULD start with If such additional members are defined, their names SHOULD start with
a letter (ALPHA, as per [RFC5234], Appendix B.1) and SHOULD consist a letter (ALPHA, as per [RFC5234], Appendix B.1) and SHOULD consist
of characters from ALPHA, DIGIT ([RFC5234], Appendix B.1), and "_" of characters from ALPHA, DIGIT ([RFC5234], Appendix B.1), and "_"
(so that it can be serialized in formats other than JSON), and they (so that it can be serialized in formats other than JSON), and they
SHOULD be three characters or longer. SHOULD be three characters or longer.
4.1. Example 4.1. Example
skipping to change at page 8, line 42 skipping to change at page 10, line 24
If one isn't available, you could mint and document a new type URI If one isn't available, you could mint and document a new type URI
(which ought to be under your control and stable over time), an (which ought to be under your control and stable over time), an
appropriate title and the HTTP status code that it will be used with, appropriate title and the HTTP status code that it will be used with,
along with what it means and how it should be handled. along with what it means and how it should be handled.
In summary: an instance URI will always identify a specific In summary: an instance URI will always identify a specific
occurrence of a problem. On the other hand, type URIs can be reused occurrence of a problem. On the other hand, type URIs can be reused
if an appropriate description of a problem type is already available if an appropriate description of a problem type is already available
someplace else, or they can be created for new problem types. someplace else, or they can be created for new problem types.
4.2. Predefined Problem Types 4.2. Registered Problem Types
This specification reserves the use of one URI as a problem type: This specification defines the HTTP Problem Type registry for common,
widely-used problem type URIs, to promote reuse.
Registration requests are reviewed and approved by a Designated
Expert, as per [RFC8126], Section 4.5. A specification document is
appreciated, but not required.
When evaluating requests the Expert(s) should consider community
feedback, how well-defined the problem type is, and this
specification's requirements. Vendor-specific, application-specific,
and deployment-specific values are not registrable.
Registrations MAY use the prefix "https://iana.org/assignments/http-
problem-types#", and are encouraged to do so when a stable, neutral
URI is desirable.
Registration requests should use the following template:
* Type URI: [a URI for the problem type]
* Title: [a short description of the problem type]
* Recommended HTTP status code: [what status code is most
appropriate to use with the type]
* Reference: [to a specification defining the type]
See the registry at https://iana.org/assignments/http-problem-types
(https://iana.org/assignments/http-problem-types) for details on
where to send registration requests.
4.2.1. about:blank
This specification registers one Problem Type, "about:blank".
* Type URI: about:blank
* Title: See HTTP Status Code
* Recommended HTTP status code: N/A
* Reference: [this document]
The "about:blank" URI [RFC6694], when used as a problem type, The "about:blank" URI [RFC6694], when used as a problem type,
indicates that the problem has no additional semantics beyond that of indicates that the problem has no additional semantics beyond that of
the HTTP status code. the HTTP status code.
When "about:blank" is used, the title SHOULD be the same as the When "about:blank" is used, the title SHOULD be the same as the
recommended HTTP status phrase for that code (e.g., "Not Found" for recommended HTTP status phrase for that code (e.g., "Not Found" for
404, and so on), although it MAY be localized to suit client 404, and so on), although it MAY be localized to suit client
preferences (expressed with the Accept-Language request header). preferences (expressed with the Accept-Language request header).
skipping to change at page 9, line 44 skipping to change at page 12, line 18
disagreement might indicate that (for example) an intermediary has disagreement might indicate that (for example) an intermediary has
modified the HTTP status code in transit (e.g., by a proxy or cache). modified the HTTP status code in transit (e.g., by a proxy or cache).
As such, those defining problem types as well as generators and As such, those defining problem types as well as generators and
consumers of problems need to be aware that generic software (such as consumers of problems need to be aware that generic software (such as
proxies, load balancers, firewalls, and virus scanners) are unlikely proxies, load balancers, firewalls, and virus scanners) are unlikely
to know of or respect the status code conveyed in this member. to know of or respect the status code conveyed in this member.
6. IANA Considerations 6. IANA Considerations
This specification defines two new Internet media types [RFC6838]. Please update the "application/problem+json" and "application/
problem+xml" registrations in the Internet media types registry
6.1. application/problem+json [RFC6838]. to refer to this document.
Type name: application
Subtype name: problem+json
Required parameters: None
Optional parameters: None; unrecognized parameters should be ignored
Encoding considerations: Same as [RFC7159]
Security considerations: see Section 5 of this document
Interoperability considerations: None
Published specification: RFC 7807 (this document)
Applications that use this media type: HTTP
Fragment identifier considerations: Same as for application/json
([RFC7159])
Deprecated alias names for this type: n/a
Magic number(s): n/a
File extension(s): n/a
Macintosh file type code(s): n/a
Person and email address to contact for further information: Mark No
ttingham <mnot@mnot.net>
Intended usage: COMMON
Restrictions on usage: None.
Author: Mark Nottingham <mnot@mnot.net>
Change controller: IESG
6.2. application/problem+xml
Type name: application
Subtype name: problem+xml
Required parameters: None
Optional parameters: None; unrecognized parameters should be ignored
Encoding considerations: Same as [RFC7303]
Security considerations: see Section 5 of this document
Interoperability considerations: None
Published specification: RFC 7807 (this document)
Applications that use this media type: HTTP
Fragment identifier considerations: Same as for application/xml (as
specified by Section 5 of [RFC7303])
Deprecated alias names for this type: n/a
Magic number(s): n/a
File extension(s): n/a
Macintosh file type code(s): n/a
Person and email address to contact for further information: Mark No
ttingham <mnot@mnot.net>
Intended usage: COMMON
Restrictions on usage: None.
Author: Mark Nottingham <mnot@mnot.net>
Change controller: IESG Please create the HTTP Problem Types Registry, as specified in
Section 4.2, and populate it with "about:blank" as per Section 4.2.1.
7. References 7. References
7.1. Normative References 7.1. Normative References
[HTTP] Fielding, R. T., Nottingham, M., and J. Reschke, "HTTP
Semantics", Work in Progress, Internet-Draft, draft-ietf-
httpbis-semantics-19, 12 September 2021,
<https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-
semantics-19>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>. <https://www.rfc-editor.org/rfc/rfc2119>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005, RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/rfc/rfc3986>. <https://www.rfc-editor.org/rfc/rfc3986>.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008, DOI 10.17487/RFC5234, January 2008,
<https://www.rfc-editor.org/rfc/rfc5234>. <https://www.rfc-editor.org/rfc/rfc5234>.
[RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March Writing an IANA Considerations Section in RFCs", BCP 26,
2014, <https://www.rfc-editor.org/rfc/rfc7159>. RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/rfc/rfc8126>.
[RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
Protocol (HTTP/1.1): Message Syntax and Routing", 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
RFC 7230, DOI 10.17487/RFC7230, June 2014, May 2017, <https://www.rfc-editor.org/rfc/rfc8174>.
<https://www.rfc-editor.org/rfc/rfc7230>.
[RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Protocol (HTTP/1.1): Semantics and Content", RFC 7231, Interchange Format", STD 90, RFC 8259,
DOI 10.17487/RFC7231, June 2014, DOI 10.17487/RFC8259, December 2017,
<https://www.rfc-editor.org/rfc/rfc7231>. <https://www.rfc-editor.org/rfc/rfc8259>.
[XML] Bray, T., Paoli, J., Sperberg-McQueen, M., Maler, E., and [XML] Bray, T., Paoli, J., Sperberg-McQueen, M., Maler, E., and
F. Yergeau, "Extensible Markup Language (XML) 1.0 (Fifth F. Yergeau, "Extensible Markup Language (XML) 1.0 (Fifth
Edition)", World Wide Web Consortium Recommendation REC- Edition)", World Wide Web Consortium Recommendation REC-
xml-20081126, 26 November 2008, xml-20081126, 26 November 2008,
<https://www.w3.org/TR/2008/REC-xml-20081126>. <https://www.w3.org/TR/2008/REC-xml-20081126>.
7.2. Informative References 7.2. Informative References
[HTML5] Hickson, I., Berjon, R., Faulkner, S., Leithead, T., [HTML5] WHATWG, "HTML - Living Standard", n.d.,
Navara, E., O&#039;Connor, T., and S. Pfeiffer, "HTML5", <https://html.spec.whatwg.org>.
World Wide Web Consortium Recommendation REC-
html5-20141028, 28 October 2014, [I-D.draft-bhutton-json-schema-00]
<https://www.w3.org/TR/2014/REC-html5-20141028>. Wright, A., Andrews, H., Hutton, B., and G. Dennis, "JSON
Schema: A Media Type for Describing JSON Documents", Work
in Progress, Internet-Draft, draft-bhutton-json-schema-00,
8 December 2020, <https://datatracker.ietf.org/doc/html/
draft-bhutton-json-schema-00>.
[ISO-19757-2] [ISO-19757-2]
International Organization for Standardization, International Organization for Standardization,
"Information Technology -- Document Schema Definition "Information Technology -- Document Schema Definition
Languages (DSDL) -- Part 2: Grammar-based Validation -- Languages (DSDL) -- Part 2: Grammar-based Validation --
RELAX NG", ISO/IEC 19757-2, 2003. RELAX NG", ISO/IEC 19757-2, 2003.
[RDFA] Adida, B., Birbeck, M., McCarron, S., and I. Herman, "RDFa [RDFA] Adida, B., Birbeck, M., McCarron, S., and I. Herman, "RDFa
Core 1.1 - Second Edition", World Wide Web Consortium Core 1.1 - Third Edition", World Wide Web Consortium
Recommendation REC-rdfa-core-20130822, 22 August 2013, Recommendation REC-rdfa-core-20150317, 17 March 2015,
<https://www.w3.org/TR/2013/REC-rdfa-core-20130822>. <https://www.w3.org/TR/2015/REC-rdfa-core-20150317>.
[RFC4151] Kindberg, T. and S. Hawke, "The 'tag' URI Scheme",
RFC 4151, DOI 10.17487/RFC4151, October 2005,
<https://www.rfc-editor.org/rfc/rfc4151>.
[RFC4918] Dusseault, L., Ed., "HTTP Extensions for Web Distributed [RFC4918] Dusseault, L., Ed., "HTTP Extensions for Web Distributed
Authoring and Versioning (WebDAV)", RFC 4918, Authoring and Versioning (WebDAV)", RFC 4918,
DOI 10.17487/RFC4918, June 2007, DOI 10.17487/RFC4918, June 2007,
<https://www.rfc-editor.org/rfc/rfc4918>. <https://www.rfc-editor.org/rfc/rfc4918>.
[RFC5988] Nottingham, M., "Web Linking", RFC 5988,
DOI 10.17487/RFC5988, October 2010,
<https://www.rfc-editor.org/rfc/rfc5988>.
[RFC6694] Moonesamy, S., Ed., "The "about" URI Scheme", RFC 6694, [RFC6694] Moonesamy, S., Ed., "The "about" URI Scheme", RFC 6694,
DOI 10.17487/RFC6694, August 2012, DOI 10.17487/RFC6694, August 2012,
<https://www.rfc-editor.org/rfc/rfc6694>. <https://www.rfc-editor.org/rfc/rfc6694>.
[RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type [RFC6838] Freed, N., Klensin, J., and T. Hansen, "Media Type
Specifications and Registration Procedures", BCP 13, Specifications and Registration Procedures", BCP 13,
RFC 6838, DOI 10.17487/RFC6838, January 2013, RFC 6838, DOI 10.17487/RFC6838, January 2013,
<https://www.rfc-editor.org/rfc/rfc6838>. <https://www.rfc-editor.org/rfc/rfc6838>.
[RFC7303] Thompson, H. and C. Lilley, "XML Media Types", RFC 7303, [RFC8288] Nottingham, M., "Web Linking", RFC 8288,
DOI 10.17487/RFC7303, July 2014, DOI 10.17487/RFC8288, October 2017,
<https://www.rfc-editor.org/rfc/rfc7303>. <https://www.rfc-editor.org/rfc/rfc8288>.
[XSLT] Clark, J., Pieters, S., and H. Thompson, "Associating [XSLT] Clark, J., Pieters, S., and H. Thompson, "Associating
Style Sheets with XML documents 1.0 (Second Edition)", Style Sheets with XML documents 1.0 (Second Edition)",
World Wide Web Consortium Recommendation REC-xml- World Wide Web Consortium Recommendation REC-xml-
stylesheet-20101028, 28 October 2010, stylesheet-20101028, 28 October 2010,
<https://www.w3.org/TR/2010/REC-xml-stylesheet-20101028>. <https://www.w3.org/TR/2010/REC-xml-stylesheet-20101028>.
Appendix A. HTTP Problems and XML Appendix A. JSON Schema for HTTP Problems
This section presents a non-normative JSON Schema
[I-D.draft-bhutton-json-schema-00] for HTTP Problem Details. If
there is any disagreement between it and the text of the
specification, the latter prevails.
# NOTE: '\' line wrapping per RFC 8792
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "A problem object RFC 7807bis",
"type": "object",
"properties": {
"type": {
"type": "string",
"format": "uri-reference",
"description": "A URI reference RFC3986 that identifies the \
problem type."
},
"title": {
"type": "string",
"description": "A short, human-readable summary of the \
problem type. It SHOULD NOT change from occurrence to occurrence \
of the problem, except for purposes of localization (e.g., using \
proactive content negotiation; see RFC7231, Section 3.4)"
},
"status": {
"type": "integer",
"description": "The HTTP status code (RFC7231, Section 6) \
generated by the origin server for this occurrence of the problem.",
"minimum": 100,
"maximum": 599
},
"detail": {
"type": "string",
"description": "A human-readable explanation specific to \
this occurrence of the problem."
},
"instance": {
"type": "string",
"format": "uri-reference",
"description": "A URI reference that identifies the \
specific occurrence of the problem. It may or may not yield \
further information if dereferenced."
}
}
}
Appendix B. HTTP Problems and XML
Some HTTP-based APIs use XML [XML] as their primary format Some HTTP-based APIs use XML [XML] as their primary format
convention. Such APIs can express problem details using the format convention. Such APIs can express problem details using the format
defined in this appendix. defined in this appendix.
The RELAX NG schema [ISO-19757-2] for the XML format is as follows. The RELAX NG schema [ISO-19757-2] for the XML format is as follows.
Keep in mind that this schema is only meant as documentation, and not Keep in mind that this schema is only meant as documentation, and not
as a normative schema that captures all constraints of the XML as a normative schema that captures all constraints of the XML
format. Also, it would be possible to use other XML schema languages format. Also, it would be possible to use other XML schema languages
to define a similar set of constraints (depending on the features of to define a similar set of constraints (depending on the features of
skipping to change at page 15, line 4 skipping to change at page 17, line 21
<type>https://example.com/probs/out-of-credit</type> <type>https://example.com/probs/out-of-credit</type>
<title>You do not have enough credit.</title> <title>You do not have enough credit.</title>
<detail>Your current balance is 30, but that costs 50.</detail> <detail>Your current balance is 30, but that costs 50.</detail>
<instance>https://example.net/account/12345/msgs/abc</instance> <instance>https://example.net/account/12345/msgs/abc</instance>
<balance>30</balance> <balance>30</balance>
<accounts> <accounts>
<i>https://example.net/account/12345</i> <i>https://example.net/account/12345</i>
<i>https://example.net/account/67890</i> <i>https://example.net/account/67890</i>
</accounts> </accounts>
</problem> </problem>
Note that this format uses an XML namespace. This is primarily to Note that this format uses an XML namespace. This is primarily to
allow embedding it into other XML-based formats; it does not imply allow embedding it into other XML-based formats; it does not imply
that it can or should be extended with elements or attributes in that it can or should be extended with elements or attributes in
other namespaces. The RELAX NG schema explicitly only allows other namespaces. The RELAX NG schema explicitly only allows
elements from the one namespace used in the XML format. Any elements from the one namespace used in the XML format. Any
extension arrays and objects MUST be serialized into XML markup using extension arrays and objects MUST be serialized into XML markup using
only that namespace. only that namespace.
When using the XML format, it is possible to embed an XML processing When using the XML format, it is possible to embed an XML processing
instruction in the XML that instructs clients to transform the XML, instruction in the XML that instructs clients to transform the XML,
using the referenced XSLT code [XSLT]. If this code is transforming using the referenced XSLT code [XSLT]. If this code is transforming
the XML into (X)HTML, then it is possible to serve the XML format, the XML into (X)HTML, then it is possible to serve the XML format,
and yet have clients capable of performing the transformation display and yet have clients capable of performing the transformation display
human-friendly (X)HTML that is rendered and displayed at the client. human-friendly (X)HTML that is rendered and displayed at the client.
Note that when using this method, it is advisable to use XSLT 1.0 in Note that when using this method, it is advisable to use XSLT 1.0 in
order to maximize the number of clients capable of executing the XSLT order to maximize the number of clients capable of executing the XSLT
code. code.
Appendix B. Using Problem Details with Other Formats Appendix C. Using Problem Details with Other Formats
In some situations, it can be advantageous to embed problem details In some situations, it can be advantageous to embed problem details
in formats other than those described here. For example, an API that in formats other than those described here. For example, an API that
uses HTML [HTML5] might want to also use HTML for expressing its uses HTML [HTML5] might want to also use HTML for expressing its
problem details. problem details.
Problem details can be embedded in other formats either by Problem details can be embedded in other formats either by
encapsulating one of the existing serializations (JSON or XML) into encapsulating one of the existing serializations (JSON or XML) into
that format or by translating the model of a problem detail (as that format or by translating the model of a problem detail (as
specified in Section 3) into the format's conventions. specified in Section 3) into the format's conventions.
skipping to change at page 16, line 19 skipping to change at page 18, line 36
Acknowledgements Acknowledgements
The authors would like to thank Jan Algermissen, Subbu Allamaraju, The authors would like to thank Jan Algermissen, Subbu Allamaraju,
Mike Amundsen, Roy Fielding, Eran Hammer, Sam Johnston, Mike McCall, Mike Amundsen, Roy Fielding, Eran Hammer, Sam Johnston, Mike McCall,
Julian Reschke, and James Snell for review of this specification. Julian Reschke, and James Snell for review of this specification.
Authors' Addresses Authors' Addresses
Mark Nottingham Mark Nottingham
Prahran VIC Prahran
Australia Australia
Email: mnot@mnot.net Email: mnot@mnot.net
URI: https://www.mnot.net/ URI: https://www.mnot.net/
Erik Wilde Erik Wilde
Email: erik.wilde@dret.net Email: erik.wilde@dret.net
URI: http://dret.net/netdret/ URI: http://dret.net/netdret/
 End of changes. 41 change blocks. 
170 lines changed or deleted 269 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/