user24 12 years ago

Uh, before we all start getting our payment APIs to return 402s in a million different and incompatible scenarios, I'd urge everyone to remember what "reserved" means". It means "don't use this until we've defined it properly".

  • 3pt14159 12 years ago

    Meh. Just start doing things. Apple uses this code, YouTube uses this code (in the wrong way, I might add), it isn't the end of the world.

    • elros 12 years ago

      I don't know how Apple uses it, but at $dayjob we use it with the same semantics as YouTube: When we determine there's need to display a CAPTCHA.

fenesiistvan 12 years ago

This code is used a lot in SIP as a call disconnect reason when the caller doesn't have enough credit (SIP disconnect codes maps with http codes).

  • MichaelGG 12 years ago

    Actually, it's not used that much on high-volume systems. That's because a LOT of platforms treat 4xx as "user error" and will treat them as fatal.

    So call goes from TelcoA, to Reseller1. Reseller1 cleverly returns 402. TelcoA stops and doesn't failover, returns error to customer. TelcoA is unhappy, because they wanted to continue the call to Reseller2.

    Source: I work in wholesale telecom and this is exactly what every larger customer asks for. They must get a 5xx error (sometimes a 503 specifically), or their side won't continue hunting the call.

    402 and all the other fun stuff might be used in a more pure SIP environment, but I doubt it's used in any sort of significant % of actual SIP deployments. Actually, just like most of the spec. It's either confusing, useless ("Retry-After: 300 (I'm in a meeting)", or a security hole.

drsim 12 years ago

Shopify return 402 for a client's site when they haven't paid. I'm not sure of the exact criteria (grace period etc.).

It's very helpful as a provider of services to Shopify stores to know 'this prospect may not pay'. The average shopper doesn't know HTTP codes too, so it avoids tarnishing the shop's reputation if it was just an oversight.

spindritf 12 years ago

Not really useful until there's an integrated way for paying for a piece of content. Which most people probably won't use anyway, see: http auth.

  • michaelmior 12 years ago

    This gives more information than a 401 or 403, but agreed that it's use is still limited. Would make sense to return a 402 along with a redirect to a payment page.

    • mhurron 12 years ago

      > return a 402 along with a redirect

      So a 3xx error.

  • jakio 12 years ago

    Still useful for API's with mixed (paid & free) content, so you can keep a uniform URL structure.

    • NathanKP 12 years ago

      This is exactly what I've used the 402 code for. Some API routes are available to all users, but others require paid access. If a freemium user attempts to access API routes behind the "paywall" I return the 402 code.

  • ivoras 12 years ago

    > Not really useful until there's an integrated way for paying for a piece of content.

    Bitcoins could be the solution here.

kevinpet 12 years ago

As originally designed, HTTP was envisioned as much more an application level protocol rather than the transport layer we now use it as.

guard-of-terra 12 years ago

Allofmp3.com used 402 when you batch-downloaded music and your credit ran out.

When it still was all rage :)

currysausage 12 years ago

Speaking of little-known status codes: 503 Service Unavailable should always be used in maintenance scenarios. 404s tell users to delete the bookmark and Google to remove the page from the index.

  • chrismorgan 12 years ago

    You meant 410 (Gone), not 404 (Not Found). Also people should bear in mind that 410 should be used cautiously.

    • sbierwagen 12 years ago

      On bbot.org I return 410 on robots.txt, for tedious ideological reasons. Doesn't stop spiders requesting it, of course, since that check is probably hard-coded.

    • currysausage 12 years ago

      I did mean 404. When people or spiders encounter a 404 twice, they will assume the resource is Gone (although a 404 doesn't technically tell them that it is, sure, sorry I didn't make that clearer: "No indication is given of whether the condition is temporary or permanent.")

      A real 410 would obviously be even worse, but that won't usually happen by accident. When my server/app crashes and I'm working on restoring the configuration, in the meantime, it will usually show a 404. And that's bad.

      • chrismorgan 12 years ago

        404 does not instruct users to delete bookmarks, whereas 410 is the code with approximately those semantics.

ivank 12 years ago

YouTube responds with a 402 whenever they show a CAPTCHA.

  • Cthulhu_ 12 years ago

    You could say some effort on the user's part is payment, yeah. Makes sense.

dfc 12 years ago

If you download too many videos with youtube-dl you can get this response from yt.com. Currently there is an open bug to handle this gracefully:

Handle youtube CAPTCHAs (402 errors) gracefully: https://github.com/rg3/youtube-dl/issues/154

grn 12 years ago

I once led a scraping proxy project that required users to be registered in order to access it. When someone unauthorised tried to use it 402 was returned with a message body giving a bank account number that was a concatenation of consecutive prime numbers. I wonder whether I made someone rich by accident.

jayd16 12 years ago

If your IT director forgets to pay Artifactory, you'll have to turn on verbose logging in maven to see that they're returning a 402 when you try to build your code.

Speaking from experience... -_-;

brbcoding 12 years ago

Funny this should show up today. Just got this error yesterday on one of our properties from maxmind, and sure enough, it was a payment issue. First time I'd seen it in use.

doki_pen 12 years ago

If you are writing web applications and haven't at least skimmed through the HTTP RFCs, then you worry me deeply.

harrisonpowers 12 years ago

Would be great to use in APIs, but some networks truncate 4xx status codes.

  • chrismorgan 12 years ago

    Really? Can you give a concrete example of the behaviour observed? (I care as I’m writing the HTTP libraries for Rust.)