So a user has sent a request for our API.

We've evaluated their query string, headers, and request format.

And of course, we've fetched the resources or collection that they wanted, now what?

Well, now we have to send them a response.

We'll, of course,

include the data, but we can send back quite a bit more information, too.

Like an HTTP request, an HTTP response also has headers.

In Postman, we can also view the response Headers.

The Content-Type header is used to specify what type of response is returned.

This should match the type that was requested.

For our treehouse example, when requesting the JSON format in the URL, or

the Accept header, the results are JSON.

When we remove this from the header and the URL,

the default Content-Type is HTML.

In the response Headers, we can see Access-Controls,

Cache-Controls, and many more.

Looking at the Status header, we come to another very important part of an API.

If you've been on the Internet for very long, you've probably come across a couple

of status codes like 200, 500, and the fairly common 404.

These status codes tells us a lot about the state of the bit of content,

and we can use them in an API to communicate the state of a request.

Generally, status codes are broken up into four chunks, each 100 numbers apart.

Status codes in the 200 to 299 range say that content is good and

everything is okay.

Some of these reference the fact that an action has been taken but

no error has happened.

For example, if a client posts a new record to a collection,

you'd want to use the 201 status code in your response

to let them know that the resource has been created.

Codes in the 300 to 399 range mean the request was understood,

but the requested resource is now located somewhere else.

These status codes are most often used to perform redirects to new URLs.

The third section,

status codes from 400 to 499 are errors typically generated by the client.

Maybe the request is wrongly constructed, which would be a 400.

Or it's for a resource that no longer exists, 404.

Or maybe there's a resource that only be read with Git and

no one is allowed to post, put or delete to it.

This should return a 405.

The 400 block is the largest of the HTTP status code blocks and

it's well worth looking over.

I'll put a link for more information in the teacher's notes.

Finally, let's talk about the 500 block.

Errors in the 500 to 599 range are all errors on the server's end.

The most used of these and the least descriptive is status code 500,

which just means that there's some sort of error on the server.

It's the equivalent of your server throwing up its hands and just quitting.

Look at the rest of the block though.

Because a lot of these are way better error messages than just sending

back a 500 to your client.

A lot of clients might handle all 500 block errors the same way.

But giving them better responses,

which will show up in their logs, makes you a better Internet citizen.

Again, I'll put a link in the teacher's notes.

Useful headers, correct status codes, appropriate format, and

useful data all combine to make a great HTTP response for an API.

But no Internet service is complete without one last,

very important ingredient, security.