rfc9457.original   rfc9457.txt 
HTTPAPI M. Nottingham Internet Engineering Task Force (IETF) M. Nottingham
Internet-Draft Request for Comments: 9457
Obsoletes: 7807 (if approved) E. Wilde Obsoletes: 7807 E. Wilde
Intended status: Standards Track Category: Standards Track
Expires: 25 October 2023 S. Dalal ISSN: 2070-1721 S. Dalal
23 April 2023 July 2023
Problem Details for HTTP APIs Problem Details for HTTP APIs
draft-ietf-httpapi-rfc7807bis-07
Abstract Abstract
This document defines a "problem detail" to carry machine-readable This document defines a "problem detail" to carry machine-readable
details of errors in HTTP response content to avoid the need to details of errors in HTTP response content to avoid the need to
define new error response formats for HTTP APIs. define new error response formats for HTTP APIs.
This document obsoletes RFC 7807. This document obsoletes RFC 7807.
Discussion Venues
This note is to be removed before publishing as an RFC.
Source for this draft and an issue tracker can be found at
https://github.com/ietf-wg-httpapi/rfc7807bis.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This is an Internet Standards Track document.
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
This Internet-Draft will expire on 25 October 2023. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc9457.
Copyright Notice Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the Copyright (c) 2023 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents
license-info) in effect on the date of publication of this document. (https://trustee.ietf.org/license-info) in effect on the date of
Please review these documents carefully, as they describe your rights publication of this document. Please review these documents
and restrictions with respect to this document. Code Components carefully, as they describe your rights and restrictions with respect
extracted from this document must include Revised BSD License text as to this document. Code Components extracted from this document must
described in Section 4.e of the Trust Legal Provisions and are include Revised BSD License text as described in Section 4.e of the
provided without warranty as described in the Revised BSD License. Trust Legal Provisions and are provided without warranty as described
in the Revised BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction
2. Notational Conventions . . . . . . . . . . . . . . . . . . . 4 2. Requirements Language
3. The Problem Details JSON Object . . . . . . . . . . . . . . . 4 3. The Problem Details JSON Object
3.1. Members of a Problem Details Object . . . . . . . . . . . 6 3.1. Members of a Problem Details Object
3.1.1. "type" . . . . . . . . . . . . . . . . . . . . . . . 6 3.1.1. "type"
3.1.2. "status" . . . . . . . . . . . . . . . . . . . . . . 7 3.1.2. "status"
3.1.3. "title" . . . . . . . . . . . . . . . . . . . . . . . 7 3.1.3. "title"
3.1.4. "detail" . . . . . . . . . . . . . . . . . . . . . . 8 3.1.4. "detail"
3.1.5. "instance" . . . . . . . . . . . . . . . . . . . . . 8 3.1.5. "instance"
3.2. Extension Members . . . . . . . . . . . . . . . . . . . . 8 3.2. Extension Members
4. Defining New Problem Types . . . . . . . . . . . . . . . . . 9 4. Defining New Problem Types
4.1. Example . . . . . . . . . . . . . . . . . . . . . . . . . 10 4.1. Example
4.2. Registered Problem Types . . . . . . . . . . . . . . . . 11 4.2. Registered Problem Types
4.2.1. about:blank . . . . . . . . . . . . . . . . . . . . . 11 4.2.1. about:blank
5. Security Considerations . . . . . . . . . . . . . . . . . . . 12 5. Security Considerations
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 6. IANA Considerations
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 7. References
7.1. Normative References . . . . . . . . . . . . . . . . . . 13 7.1. Normative References
7.2. Informative References . . . . . . . . . . . . . . . . . 13 7.2. Informative References
Appendix A. JSON Schema for HTTP Problems . . . . . . . . . . . 15 Appendix A. JSON Schema for HTTP Problems
Appendix B. HTTP Problems and XML . . . . . . . . . . . . . . . 16 Appendix B. HTTP Problems and XML
Appendix C. Using Problem Details with Other Formats . . . . . . 17 Appendix C. Using Problem Details with Other Formats
Appendix D. Changes from RFC 7807 . . . . . . . . . . . . . . . 18 Appendix D. Changes from RFC 7807
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 18 Acknowledgements
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 Authors' Addresses
1. Introduction 1. Introduction
HTTP status codes (Section 15 of [HTTP]) cannot always convey enough HTTP status codes (Section 15 of [HTTP]) cannot always convey enough
information about errors to be helpful. While humans using Web information about errors to be helpful. While humans using web
browsers can often understand an HTML [HTML5] response content, non- browsers can often understand an HTML [HTML5] response content, non-
human consumers of HTTP APIs have difficulty doing so. human consumers of HTTP APIs have difficulty doing so.
To address that shortcoming, this specification defines simple JSON To address that shortcoming, this specification defines simple JSON
[JSON] and XML [XML] document formats to describe the specifics of [JSON] and XML [XML] document formats to describe the specifics of a
problem(s) encountered -- "problem details". problem encountered -- "problem details".
For example, consider a response indicating that the client's account For example, consider a response indicating that the client's account
doesn't have enough credit. The API's designer might decide to use doesn't have enough credit. The API's designer might decide to use
the 403 Forbidden status code to inform HTTP-generic software (such the 403 Forbidden status code to inform generic HTTP software (such
as client libraries, caches, and proxies) of the response's general as client libraries, caches, and proxies) of the response's general
semantics. API-specific problem details (such as why the server semantics. API-specific problem details (such as why the server
refused the request and the applicable account balance) can be refused the request and the applicable account balance) can be
carried in the response content, so that the client can act upon them carried in the response content so that the client can act upon them
appropriately (for example, triggering a transfer of more credit into appropriately (for example, triggering a transfer of more credit into
the account). the account).
This specification identifies the specific "problem type" (e.g., "out This specification identifies the specific "problem type" (e.g., "out
of credit") with a URI [URI]. HTTP APIs can use URIs under their of credit") with a URI [URI]. HTTP APIs can use URIs under their
control to identify problems specific to them, or can reuse existing control to identify problems specific to them or can reuse existing
ones to facilitate interoperability and leverage common semantics ones to facilitate interoperability and leverage common semantics
(see Section 4.2). (see Section 4.2).
Problem details can contain other information, such as a URI Problem details can contain other information, such as a URI
identifying the problem's specific occurrence (effectively giving an identifying the problem's specific occurrence (effectively giving an
identifier to the concept "The time Joe didn't have enough credit identifier to the concept "The time Joe didn't have enough credit
last Thursday"), which can be useful for support or forensic last Thursday"), which can be useful for support or forensic
purposes. purposes.
The data model for problem details is a JSON [JSON] object; when The data model for problem details is a JSON [JSON] object; when
skipping to change at page 4, line 7 skipping to change at line 133
naturally fit the semantics of 4xx and 5xx responses. Note that naturally fit the semantics of 4xx and 5xx responses. Note that
problem details are (naturally) not the only way to convey the problem details are (naturally) not the only way to convey the
details of a problem in HTTP. If the response is still a details of a problem in HTTP. If the response is still a
representation of a resource, for example, it's often preferable to representation of a resource, for example, it's often preferable to
describe the relevant details in that application's format. describe the relevant details in that application's format.
Likewise, defined HTTP status codes cover many situations with no Likewise, defined HTTP status codes cover many situations with no
need to convey extra detail. need to convey extra detail.
This specification's aim is to define common error formats for This specification's aim is to define common error formats for
applications that need one so that they aren't required to define applications that need one so that they aren't required to define
their own, or worse, tempted to redefine the semantics of existing their own or, worse, tempted to redefine the semantics of existing
HTTP status codes. Even if an application chooses not to use it to HTTP status codes. Even if an application chooses not to use it to
convey errors, reviewing its design can help guide the design convey errors, reviewing its design can help guide the design
decisions faced when conveying errors in an existing format. decisions faced when conveying errors in an existing format.
See Appendix D for a list of changes from RFC 7807. See Appendix D for a list of changes from [RFC7807].
2. Notational Conventions 2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in "OPTIONAL" in this document are to be interpreted as described in
BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
3. The Problem Details JSON Object 3. The Problem Details JSON Object
The canonical model for problem details is a JSON [JSON] object. The canonical model for problem details is a JSON [JSON] object.
skipping to change at page 5, line 46 skipping to change at line 222
}, },
{ {
"detail": "must be 'green', 'red' or 'blue'", "detail": "must be 'green', 'red' or 'blue'",
"pointer": "#/profile/color" "pointer": "#/profile/color"
} }
] ]
} }
The fictional problem type here defines the "errors" extension, an The fictional problem type here defines the "errors" extension, an
array that describes the details of each validation error. Each array that describes the details of each validation error. Each
member is an object containing "detail" to describe the issue, and member is an object containing "detail" to describe the issue and
"pointer" to locate the problem within the request's content using a "pointer" to locate the problem within the request's content using a
JSON Pointer [JSON-POINTER]. JSON Pointer [JSON-POINTER].
When an API encounters multiple problems that do not share the same When an API encounters multiple problems that do not share the same
type, it is RECOMMENDED that the most relevant or urgent problem be type, it is RECOMMENDED that the most relevant or urgent problem be
represented in the response. While it is possible to create generic represented in the response. While it is possible to create generic
"batch" problem types that convey multiple, disparate types, they do "batch" problem types that convey multiple, disparate types, they do
not map well into HTTP semantics. not map well into HTTP semantics.
Note also that the API has responded with the application/ Note also that the API has responded with the "application/
problem+json type, even though the client did not list it in Accept, problem+json" type, even though the client did not list it in Accept,
as is allowed by HTTP (see Section 12.5.1 of [HTTP]). as is allowed by HTTP (see Section 12.5.1 of [HTTP]).
3.1. Members of a Problem Details Object 3.1. Members of a Problem Details Object
Problem detail objects can have the following members. If a member's Problem detail objects can have the following members. If a member's
value type does not match the specified type, the member MUST be value type does not match the specified type, the member MUST be
ignored -- i.e., processing will continue as if the member had not ignored -- i.e., processing will continue as if the member had not
been present. been present.
3.1.1. "type" 3.1.1. "type"
skipping to change at page 6, line 49 skipping to change at line 270
When "type" contains a relative URI, it is resolved relative to the When "type" contains a relative URI, it is resolved relative to the
document's base URI, as per [URI], Section 5. However, using document's base URI, as per [URI], Section 5. However, using
relative URIs can cause confusion, and they might not be handled relative URIs can cause confusion, and they might not be handled
correctly by all implementations. correctly by all implementations.
For example, if the two resources "https://api.example.org/foo/ For example, if the two resources "https://api.example.org/foo/
bar/123" and "https://api.example.org/widget/456" both respond with a bar/123" and "https://api.example.org/widget/456" both respond with a
"type" equal to the relative URI reference "example-problem", when "type" equal to the relative URI reference "example-problem", when
resolved they will identify different resources resolved they will identify different resources
("https://api.example.org/foo/bar/example-problem" and ("https://api.example.org/foo/bar/example-problem" and
"https://api.example.org/widget/example-problem" respectively). As a "https://api.example.org/widget/example-problem", respectively). As
result, it is RECOMMENDED that absolute URIs be used in "type" when a result, it is RECOMMENDED that absolute URIs be used in "type" when
possible, and that when relative URIs are used, they include the full possible and that when relative URIs are used, they include the full
path (e.g., "/types/123"). path (e.g., "/types/123").
The type URI is allowed to be a non-resolvable URI. For example, the The type URI is allowed to be a non-resolvable URI. For example, the
tag URI scheme [TAG] can be used to uniquely identify problem types: tag URI scheme [TAG] can be used to uniquely identify problem types:
tag:example@example.org,2021-09-17:OutOfLuck tag:example@example.org,2021-09-17:OutOfLuck
However, resolvable type URIs are encouraged by this specification However, resolvable type URIs are encouraged by this specification
because it might become desirable to resolve the URI in the future. because it might become desirable to resolve the URI in the future.
For example, if an API designer used the URI above and later adopted For example, if an API designer used the URI above and later adopted
skipping to change at page 7, line 33 skipping to change at line 303
The "status" member, if present, is only advisory; it conveys the The "status" member, if present, is only advisory; it conveys the
HTTP status code used for the convenience of the consumer. HTTP status code used for the convenience of the consumer.
Generators MUST use the same status code in the actual HTTP response, Generators MUST use the same status code in the actual HTTP response,
to assure that generic HTTP software that does not understand this to assure that generic HTTP software that does not understand this
format still behaves correctly. See Section 5 for further caveats format still behaves correctly. See Section 5 for further caveats
regarding its use. regarding its use.
Consumers can use the status member to determine what the original Consumers can use the status member to determine what the original
status code used by the generator was when it has been changed (e.g., status code used by the generator was when it has been changed (e.g.,
by an intermediary or cache), and when a message's content is by an intermediary or cache) and when a message's content is
persisted without HTTP information. Generic HTTP software will still persisted without HTTP information. Generic HTTP software will still
use the HTTP status code. use the HTTP status code.
3.1.3. "title" 3.1.3. "title"
The "title" member is a JSON string containing a short, human- The "title" member is a JSON string containing a short, human-
readable summary of the problem type. readable summary of the problem type.
It SHOULD NOT change from occurrence to occurrence of the problem, It SHOULD NOT change from occurrence to occurrence of the problem,
except for localization (e.g., using proactive content negotiation; except for localization (e.g., using proactive content negotiation;
see [HTTP], Section 12.1). see [HTTP], Section 12.1).
The "title" string is advisory, and is included only for users who The "title" string is advisory and is included only for users who are
are both unaware of and cannot discover the semantics of the type URI unaware of and cannot discover the semantics of the type URI (e.g.,
(e.g., during offline log analysis). during offline log analysis).
3.1.4. "detail" 3.1.4. "detail"
The "detail" member is a JSON string containing a human-readable The "detail" member is a JSON string containing a human-readable
explanation specific to this occurrence of the problem. explanation specific to this occurrence of the problem.
The "detail" string, if present, ought to focus on helping the client The "detail" string, if present, ought to focus on helping the client
correct the problem, rather than giving debugging information. correct the problem, rather than giving debugging information.
Consumers SHOULD NOT parse the "detail" member for information; Consumers SHOULD NOT parse the "detail" member for information;
skipping to change at page 8, line 29 skipping to change at line 344
The "instance" member is a JSON string containing a URI reference The "instance" member is a JSON string containing a URI reference
that identifies the specific occurrence of the problem. that identifies the specific occurrence of the problem.
When the "instance" URI is dereferenceable, the problem details When the "instance" URI is dereferenceable, the problem details
object can be fetched from it. It might also return information object can be fetched from it. It might also return information
about the problem occurrence in other formats through use of about the problem occurrence in other formats through use of
proactive content negotiation (see [HTTP], Section 12.5.1). proactive content negotiation (see [HTTP], Section 12.5.1).
When the "instance" URI is not dereferenceable, it serves as a unique When the "instance" URI is not dereferenceable, it serves as a unique
identifier for the problem occurrence that may be of significance to identifier for the problem occurrence that may be of significance to
the server, but is opaque to the client. the server but is opaque to the client.
When "instance" contains a relative URI, it is resolved relative to When "instance" contains a relative URI, it is resolved relative to
the document's base URI, as per [URI], Section 5. However, using the document's base URI, as per [URI], Section 5. However, using
relative URIs can cause confusion, and they might not be handled relative URIs can cause confusion, and they might not be handled
correctly by all implementations. correctly by all implementations.
For example, if the two resources "https://api.example.org/foo/ For example, if the two resources "https://api.example.org/foo/
bar/123" and "https://api.example.org/widget/456" both respond with bar/123" and "https://api.example.org/widget/456" both respond with
an "instance" equal to the relative URI reference "example-instance", an "instance" equal to the relative URI reference "example-instance",
when resolved they will identify different resources when resolved they will identify different resources
("https://api.example.org/foo/bar/example-instance" and ("https://api.example.org/foo/bar/example-instance" and
"https://api.example.org/widget/example-instance" respectively). As "https://api.example.org/widget/example-instance", respectively). As
a result, it is RECOMMENDED that absolute URIs be used in "instance" a result, it is RECOMMENDED that absolute URIs be used in "instance"
when possible, and that when relative URIs are used, they include the when possible, and that when relative URIs are used, they include the
full path (e.g., "/instances/123"). full path (e.g., "/instances/123").
3.2. Extension Members 3.2. Extension Members
Problem type definitions MAY extend the problem details object with Problem type definitions MAY extend the problem details object with
additional members that are specific to that problem type. additional members that are specific to that problem type.
For example, our "out of credit" problem above defines two such For example, our out-of-credit problem above defines two such
extensions -- "balance" and "accounts" to convey additional, problem- extensions -- "balance" and "accounts" to convey additional, problem-
specific information. specific information.
Similarly, the "validation error" example defines an "errors" Similarly, the "validation error" example defines an "errors"
extension that contains a list of individual error occurrences found, extension that contains a list of individual error occurrences found,
with details and a pointer to the location of each. with details and a pointer to the location of each.
Clients consuming problem details MUST ignore any such extensions Clients consuming problem details MUST ignore any such extensions
that they don't recognize; this allows problem types to evolve and that they don't recognize; this allows problem types to evolve and
include additional information in the future. include additional information in the future.
skipping to change at page 9, line 27 skipping to change at line 388
When creating extensions, problem type authors should choose their When creating extensions, problem type authors should choose their
names carefully. To be used in the XML format (see Appendix B), they names carefully. To be used in the XML format (see Appendix B), they
will need to conform to the Name rule in Section 2.3 of [XML]. will need to conform to the Name rule in Section 2.3 of [XML].
4. Defining New Problem Types 4. Defining New Problem Types
When an HTTP API needs to define a response that indicates an error When an HTTP API needs to define a response that indicates an error
condition, it might be appropriate to do so by defining a new problem condition, it might be appropriate to do so by defining a new problem
type. type.
Before doing so, it's important to understand what they are good for, Before doing so, it's important to understand what they are good for
and what's better left to other mechanisms. and what is better left to other mechanisms.
Problem details are not a debugging tool for the underlying Problem details are not a debugging tool for the underlying
implementation; rather, they are a way to expose greater detail about implementation; rather, they are a way to expose greater detail about
the HTTP interface itself. Designers of new problem types need to the HTTP interface itself. Designers of new problem types need to
carefully take into account the Security Considerations (Section 5), carefully take into account the Security Considerations (Section 5),
in particular, the risk of exposing attack vectors by exposing in particular, the risk of exposing attack vectors by exposing
implementation internals through error messages. implementation internals through error messages.
Likewise, truly generic problems -- i.e., conditions that might apply Likewise, truly generic problems -- i.e., conditions that might apply
to any resource on the Web -- are usually better expressed as plain to any resource on the Web -- are usually better expressed as plain
skipping to change at page 10, line 7 skipping to change at line 417
"error" document formats, not to replace existing domain-specific "error" document formats, not to replace existing domain-specific
formats. formats.
That said, it is possible to add support for problem details to That said, it is possible to add support for problem details to
existing HTTP APIs using HTTP content negotiation (e.g., using the existing HTTP APIs using HTTP content negotiation (e.g., using the
Accept request header to indicate a preference for this format; see Accept request header to indicate a preference for this format; see
[HTTP], Section 12.5.1). [HTTP], Section 12.5.1).
New problem type definitions MUST document: New problem type definitions MUST document:
1. a type URI (typically, with the "http" or "https" scheme), 1. a type URI (typically, with the "http" or "https" scheme)
2. a title that appropriately describes it (think short), and 2. a title that appropriately describes it (think short)
3. the HTTP status code for it to be used with. 3. the HTTP status code for it to be used with
Problem type definitions MAY specify the use of the Retry-After Problem type definitions MAY specify the use of the Retry-After
response header ([HTTP], Section 10.2.3) in appropriate response header ([HTTP], Section 10.2.3) in appropriate
circumstances. circumstances.
A problem's type URI SHOULD resolve to HTML [HTML5] documentation A problem type URI SHOULD resolve to HTML [HTML5] documentation that
that explains how to resolve the problem. explains how to resolve the problem.
A problem type definition MAY specify additional members on the A problem type definition MAY specify additional members on the
problem details object. For example, an extension might use typed problem details object. For example, an extension might use typed
links [WEB-LINKING] to another resource that machines can use to links [WEB-LINKING] to another resource that machines can use to
resolve the problem. resolve the problem.
If such additional members are defined, their names SHOULD start with If such additional members are defined, their names SHOULD start with
a letter (ALPHA, as per [ABNF], Appendix B.1) and SHOULD comprise a letter (ALPHA, as per [ABNF], Appendix B.1) and SHOULD comprise
characters from ALPHA, DIGIT ([ABNF], Appendix B.1), and "_" (so that characters from ALPHA, DIGIT ([ABNF], Appendix B.1), and "_" (so that
it can be serialized in formats other than JSON), and they SHOULD be it can be serialized in formats other than JSON), and they SHOULD be
three characters or longer. three characters or longer.
4.1. Example 4.1. Example
For example, if you are publishing an HTTP API to your online For example, if you are publishing an HTTP API to your online
shopping cart, you might need to indicate that the user is out of shopping cart, you might need to indicate that the user is out of
credit (our example from above), and therefore cannot make the credit (our example from above) and therefore cannot make the
purchase. purchase.
If you already have an application-specific format that can If you already have an application-specific format that can
accommodate this information, it's probably best to do that. accommodate this information, it's probably best to do that.
However, if you don't, you might use one of the problem details However, if you don't, you might use one of the problem detail
formats -- JSON if your API is JSON-based, or XML if it uses that formats -- JSON if your API is JSON-based or XML if it uses that
format. format.
To do so, you might look in the registry (Section 4.2) for an To do so, you might look in the registry (Section 4.2) for an
already-defined type URI that suits your purposes. If one is already-defined type URI that suits your purposes. If one is
available, you can reuse that URI. available, you can reuse that URI.
If one isn't available, you could mint and document a new type URI If one isn't available, you could mint and document a new type URI
(which ought to be under your control and stable over time), an (which ought to be under your control and stable over time), an
appropriate title and the HTTP status code that it will be used with, appropriate title and the HTTP status code that it will be used with,
along with what it means and how it should be handled. along with what it means and how it should be handled.
4.2. Registered Problem Types 4.2. Registered Problem Types
This specification defines the HTTP Problem Type registry for common, This specification defines the "HTTP Problem Types" registry for
widely-used problem type URIs, to promote reuse. common, widely used problem type URIs, to promote reuse.
The policy for this registry is Specification Required, per The policy for this registry is Specification Required, per
[RFC8126], Section 4.6. [RFC8126], Section 4.6.
When evaluating requests, the Expert(s) should consider community When evaluating requests, the designated expert(s) should consider
feedback, how well-defined the problem type is, and this community feedback, how well-defined the problem type is, and this
specification's requirements. Vendor-specific, application-specific, specification's requirements. Vendor-specific, application-specific,
and deployment-specific values are not registerable. Specification and deployment-specific values are unable to be registered.
documents should be published in a stable, freely available manner Specification documents should be published in a stable, freely
(ideally located with a URL), but need not be standards. available manner (ideally located with a URL) but need not be
standards.
Registrations MAY use the prefix "https://iana.org/assignments/http- Registrations MAY use the prefix "https://iana.org/assignments/http-
problem-types#" for the type URI. Note that those URIs may not be problem-types#" for the type URI. Note that those URIs may not be
able to be resolved. able to be resolved.
Registration requests should use the following template: The following template should be used for registration requests:
* Type URI: [a URI for the problem type]
* Title: [a short description of the problem type]
* Recommended HTTP status code: [what status code is most
appropriate to use with the type]
* Reference: [to a specification defining the type] Type URI: [a URI for the problem type]
Title: [a short description of the problem type]
Recommended HTTP status code: [what status code is most appropriate
to use with the type]
Reference: [to a specification defining the type]
See the registry at https://iana.org/assignments/http-problem-types See the registry at <https://iana.org/assignments/http-problem-types>
(https://iana.org/assignments/http-problem-types) for details on for details on where to send registration requests.
where to send registration requests.
4.2.1. about:blank 4.2.1. about:blank
This specification registers one Problem Type, "about:blank". This specification registers one Problem Type, "about:blank", as
follows.
* Type URI: about:blank
* Title: See HTTP Status Code
* Recommended HTTP status code: N/A Type URI: about:blank
Title: See HTTP Status Code
Recommended HTTP status code: N/A
Reference: RFC 9457
* Reference: RFC nnnn
The "about:blank" URI [ABOUT], when used as a problem type, indicates The "about:blank" URI [ABOUT], when used as a problem type, indicates
that the problem has no additional semantics beyond that of the HTTP that the problem has no additional semantics beyond that of the HTTP
status code. status code.
When "about:blank" is used, the title SHOULD be the same as the When "about:blank" is used, the title SHOULD be the same as the
recommended HTTP status phrase for that code (e.g., "Not Found" for recommended HTTP status phrase for that code (e.g., "Not Found" for
404, and so on), although it MAY be localized to suit client 404, and so on), although it MAY be localized to suit client
preferences (expressed with the Accept-Language request header). preferences (expressed with the Accept-Language request header).
Please note that according to how the "type" member is defined Please note that according to how the "type" member is defined
skipping to change at page 12, line 45 skipping to change at line 545
status code itself, bringing the possibility of disagreement between status code itself, bringing the possibility of disagreement between
the two. Their relative precedence is not clear, since a the two. Their relative precedence is not clear, since a
disagreement might indicate that (for example) an intermediary has disagreement might indicate that (for example) an intermediary has
changed the HTTP status code in transit (e.g., by a proxy or cache). changed the HTTP status code in transit (e.g., by a proxy or cache).
Generic HTTP software (such as proxies, load balancers, firewalls, Generic HTTP software (such as proxies, load balancers, firewalls,
and virus scanners) are unlikely to know of or respect the status and virus scanners) are unlikely to know of or respect the status
code conveyed in this member. code conveyed in this member.
6. IANA Considerations 6. IANA Considerations
Please update the "application/problem+json" and "application/ In the "application" registry under the "Media Types" registry, IANA
problem+xml" registrations in the "Media Types" registry to refer to has updated the "application/problem+json" and "application/
this document. problem+xml" registrations to refer to this document.
Please create the "HTTP Problem Types" registry as specified in IANA has created the "HTTP Problem Types" registry as specified in
Section 4.2, and populate it with "about:blank" as per Section 4.2.1. Section 4.2 and populated it with "about:blank" as per Section 4.2.1.
7. References 7. References
7.1. Normative References 7.1. Normative References
[ABNF] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax [ABNF] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008, DOI 10.17487/RFC5234, January 2008,
<https://www.rfc-editor.org/rfc/rfc5234>. <https://www.rfc-editor.org/info/rfc5234>.
[HTTP] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, [HTTP] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
Ed., "HTTP Semantics", STD 97, RFC 9110, Ed., "HTTP Semantics", STD 97, RFC 9110,
DOI 10.17487/RFC9110, June 2022, DOI 10.17487/RFC9110, June 2022,
<https://www.rfc-editor.org/rfc/rfc9110>. <https://www.rfc-editor.org/info/rfc9110>.
[JSON] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data [JSON] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data
Interchange Format", STD 90, RFC 8259, Interchange Format", STD 90, RFC 8259,
DOI 10.17487/RFC8259, December 2017, DOI 10.17487/RFC8259, December 2017,
<https://www.rfc-editor.org/rfc/rfc8259>. <https://www.rfc-editor.org/info/rfc8259>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/rfc/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26, Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017, RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/rfc/rfc8126>. <https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/rfc/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[URI] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [URI] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005, RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/rfc/rfc3986>. <https://www.rfc-editor.org/info/rfc3986>.
[XML] Maler, E., Ed., Yergeau, F., Ed., Paoli, J., Ed., [XML] Bray, T., Paoli, J., Sperberg-McQueen, C. M., Maler, E.,
Sperberg-McQueen, M., Ed., and T. Bray, Ed., "Extensible and F. Yergeau, "Extensible Markup Language (XML) 1.0
Markup Language (XML) 1.0 (Fifth Edition)", W3C REC REC- (Fifth Edition)", W3C Recommendation REC-xml-20081126,
xml-20081126, W3C REC-xml-20081126, 26 November 2008, November 2008,
<https://www.w3.org/TR/2008/REC-xml-20081126/>. <https://www.w3.org/TR/2008/REC-xml-20081126/>.
7.2. Informative References 7.2. Informative References
[ABOUT] Moonesamy, S., Ed., "The "about" URI Scheme", RFC 6694, [ABOUT] Moonesamy, S., Ed., "The "about" URI Scheme", RFC 6694,
DOI 10.17487/RFC6694, August 2012, DOI 10.17487/RFC6694, August 2012,
<https://www.rfc-editor.org/rfc/rfc6694>. <https://www.rfc-editor.org/info/rfc6694>.
[HTML5] WHATWG, "HTML - Living Standard", n.d., [HTML5] WHATWG, "HTML: Living Standard",
<https://html.spec.whatwg.org>. <https://html.spec.whatwg.org>.
[ISO-19757-2] [ISO-19757-2]
International Organization for Standardization, ISO, "Information technology -- Document Schema Definition
"Information Technology -- Document Schema Definition Language (DSDL) -- Part 2: Regular-grammar-based
Languages (DSDL) -- Part 2: Grammar-based Validation -- validation -- RELAX NG", ISO/IEC 19757-2:2008, December
RELAX NG", ISO/IEC 19757-2, 2003. 2008, <https://www.iso.org/standard/52348.html>.
[JSON-POINTER] [JSON-POINTER]
Bryan, P., Ed., Zyp, K., and M. Nottingham, Ed., Bryan, P., Ed., Zyp, K., and M. Nottingham, Ed.,
"JavaScript Object Notation (JSON) Pointer", RFC 6901, "JavaScript Object Notation (JSON) Pointer", RFC 6901,
DOI 10.17487/RFC6901, April 2013, DOI 10.17487/RFC6901, April 2013,
<https://www.rfc-editor.org/rfc/rfc6901>. <https://www.rfc-editor.org/info/rfc6901>.
[JSON-SCHEMA] [JSON-SCHEMA]
Wright, A., Andrews, H., Hutton, B., and G. Dennis, "JSON Wright, A., Ed., Andrews, H., Ed., Hutton, B., Ed., and G.
Schema: A Media Type for Describing JSON Documents", Work Dennis, "JSON Schema: A Media Type for Describing JSON
in Progress, Internet-Draft, draft-bhutton-json-schema-01, Documents", Work in Progress, Internet-Draft, draft-
10 June 2022, <https://datatracker.ietf.org/doc/html/ bhutton-json-schema-01, 10 June 2022,
draft-bhutton-json-schema-01>. <https://datatracker.ietf.org/doc/html/draft-bhutton-json-
schema-01>.
[RDFA] Adida, B., Ed., Herman, I., Ed., Birbeck, M., Ed., and S. [RDFA] Adida, B., Birbeck, M., McCarron, S., and I. Herman, "RDFa
McCarron, Ed., "RDFa Core 1.1 - Third Edition", W3C REC Core 1.1 - Third Edition", W3C Recommendation, March 2015,
REC-rdfa-core-20150317, W3C REC-rdfa-core-20150317, 17
March 2015,
<https://www.w3.org/TR/2015/REC-rdfa-core-20150317/>. <https://www.w3.org/TR/2015/REC-rdfa-core-20150317/>.
[RFC7807] Nottingham, M. and E. Wilde, "Problem Details for HTTP
APIs", RFC 7807, DOI 10.17487/RFC7807, March 2016,
<https://www.rfc-editor.org/info/rfc7807>.
[TAG] Kindberg, T. and S. Hawke, "The 'tag' URI Scheme", [TAG] Kindberg, T. and S. Hawke, "The 'tag' URI Scheme",
RFC 4151, DOI 10.17487/RFC4151, October 2005, RFC 4151, DOI 10.17487/RFC4151, October 2005,
<https://www.rfc-editor.org/rfc/rfc4151>. <https://www.rfc-editor.org/info/rfc4151>.
[WEB-LINKING] [WEB-LINKING]
Nottingham, M., "Web Linking", RFC 8288, Nottingham, M., "Web Linking", RFC 8288,
DOI 10.17487/RFC8288, October 2017, DOI 10.17487/RFC8288, October 2017,
<https://www.rfc-editor.org/rfc/rfc8288>. <https://www.rfc-editor.org/info/rfc8288>.
[XSLT] Thompson, H., Ed., Clark, J., Ed., and S. Pieters, Ed., [XSLT] Clark, J., Pieters, S., and H. Thompson, "Associating
"Associating Style Sheets with XML documents 1.0 (Second Style Sheets with XML documents 1.0 (Second Edition)", W3C
Edition)", W3C REC REC-xml-stylesheet-20101028, W3C REC- Recommendation, October 2010,
xml-stylesheet-20101028, 28 October 2010,
<https://www.w3.org/TR/2010/REC-xml-stylesheet-20101028/>. <https://www.w3.org/TR/2010/REC-xml-stylesheet-20101028/>.
Appendix A. JSON Schema for HTTP Problems Appendix A. JSON Schema for HTTP Problems
This section presents a non-normative JSON Schema [JSON-SCHEMA] for This section presents a non-normative JSON Schema [JSON-SCHEMA] for
HTTP Problem Details. If there is any disagreement between it and HTTP problem details. If there is any disagreement between it and
the text of the specification, the latter prevails. the text of the specification, the latter prevails.
# NOTE: '\' line wrapping per RFC 8792 # NOTE: '\' line wrapping per RFC 8792
{ {
"$schema": "https://json-schema.org/draft/2020-12/schema", "$schema": "https://json-schema.org/draft/2020-12/schema",
"title": "An RFC7807 problem object", "title": "An RFC 7807 problem object",
"type": "object", "type": "object",
"properties": { "properties": {
"type": { "type": {
"type": "string", "type": "string",
"format": "uri-reference", "format": "uri-reference",
"description": "A URI reference that identifies the \ "description": "A URI reference that identifies the \
problem type." problem type."
}, },
"title": { "title": {
"type": "string", "type": "string",
skipping to change at page 16, line 30 skipping to change at line 717
& element detail { xsd:string }? & element detail { xsd:string }?
& element status { xsd:positiveInteger }? & element status { xsd:positiveInteger }?
& element instance { xsd:anyURI }? ), & element instance { xsd:anyURI }? ),
anyNsElement anyNsElement
} }
anyNsElement = anyNsElement =
( element ns:* { anyNsElement | text } ( element ns:* { anyNsElement | text }
| attribute * { text })* | attribute * { text })*
Note that this schema is only intended as documentation, and not as a Note that this schema is only intended as documentation and not as a
normative schema that captures all constraints of the XML format. It normative schema that captures all constraints of the XML format. It
is possible to use other XML schema languages to define a similar set is possible to use other XML schema languages to define a similar set
of constraints (depending on the features of the chosen schema of constraints (depending on the features of the chosen schema
language). language).
The media type for this format is "application/problem+xml". The media type for this format is "application/problem+xml".
Extension arrays and objects are serialized into the XML format by Extension arrays and objects are serialized into the XML format by
considering an element containing a child or children to represent an considering an element containing a child or children to represent an
object, except for elements that contain only child element(s) named object, except for elements containing only one or more child
'i', which are considered arrays. For example, the example above elements named "i", which are considered arrays. For example, the
appears in XML as follows: example above appears in XML as follows:
HTTP/1.1 403 Forbidden HTTP/1.1 403 Forbidden
Content-Type: application/problem+xml Content-Type: application/problem+xml
Content-Language: en Content-Language: en
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<problem xmlns="urn:ietf:rfc:7807"> <problem xmlns="urn:ietf:rfc:7807">
<type>https://example.com/probs/out-of-credit</type> <type>https://example.com/probs/out-of-credit</type>
<title>You do not have enough credit.</title> <title>You do not have enough credit.</title>
<detail>Your current balance is 30, but that costs 50.</detail> <detail>Your current balance is 30, but that costs 50.</detail>
skipping to change at page 17, line 31 skipping to change at line 757
This format uses an XML namespace, primarily to allow embedding it This format uses an XML namespace, primarily to allow embedding it
into other XML-based formats; it does not imply that it can or should into other XML-based formats; it does not imply that it can or should
be extended with elements or attributes in other namespaces. The be extended with elements or attributes in other namespaces. The
RELAX NG schema explicitly only allows elements from the one RELAX NG schema explicitly only allows elements from the one
namespace used in the XML format. Any extension arrays and objects namespace used in the XML format. Any extension arrays and objects
MUST be serialized into XML markup using only that namespace. MUST be serialized into XML markup using only that namespace.
When using the XML format, it is possible to embed an XML processing When using the XML format, it is possible to embed an XML processing
instruction in the XML that instructs clients to transform the XML, instruction in the XML that instructs clients to transform the XML,
using the referenced XSLT code [XSLT]. If this code is transforming using the referenced XSL Transformations (XSLT) code [XSLT]. If this
the XML into (X)HTML, then it is possible to serve the XML format, code is transforming the XML into (X)HTML, then it is possible to
and yet have clients capable of performing the transformation display serve the XML format, and yet have clients capable of performing the
human-friendly (X)HTML that is rendered and displayed at the client. transformation display human-friendly (X)HTML that is rendered and
Note that when using this method, it is advisable to use XSLT 1.0 in displayed at the client. Note that when using this method, it is
order to maximize the number of clients capable of executing the XSLT advisable to use XSLT 1.0 in order to maximize the number of clients
code. capable of executing the XSLT code.
Appendix C. Using Problem Details with Other Formats Appendix C. Using Problem Details with Other Formats
In some situations, it can be advantageous to embed problem details In some situations, it can be advantageous to embed problem details
in formats other than those described here. For example, an API that in formats other than those described here. For example, an API that
uses HTML [HTML5] might want to also use HTML for expressing its uses HTML [HTML5] might want to also use HTML for expressing its
problem details. problem details.
Problem details can be embedded in other formats either by Problem details can be embedded in other formats either by
encapsulating one of the existing serializations (JSON or XML) into encapsulating one of the existing serializations (JSON or XML) into
skipping to change at page 18, line 17 skipping to change at line 792
"type": "https://example.com/probs/out-of-credit", "type": "https://example.com/probs/out-of-credit",
"title": "You do not have enough credit.", "title": "You do not have enough credit.",
"detail": "Your current balance is 30, but that costs 50.", "detail": "Your current balance is 30, but that costs 50.",
"instance": "/account/12345/msgs/abc", "instance": "/account/12345/msgs/abc",
"balance": 30, "balance": 30,
"accounts": ["/account/12345", "accounts": ["/account/12345",
"/account/67890"] "/account/67890"]
} }
</script> </script>
or by defining a mapping into RDFa [RDFA]. or by defining a mapping into a Resource Description Framework in
Attributes (RDFa) [RDFA].
This specification does not make specific recommendations regarding This specification does not make specific recommendations regarding
embedding problem details in other formats; the appropriate way to embedding problem details in other formats; the appropriate way to
embed them depends both upon the format in use and application of embed them depends both upon the format in use and application of
that format. that format.
Appendix D. Changes from RFC 7807 Appendix D. Changes from RFC 7807
This revision has made the following changes: This revision has made the following changes:
 End of changes. 66 change blocks. 
168 lines changed or deleted 157 lines changed or added

This html diff was produced by rfcdiff 1.48.