A. APIs should definitely use HTTP status codes as part of being RESTful. For example, some times it makes sense to return just 200, but in other cases it makes more sense to return 201 (created), for a POST action for example.
B. Error messages in REST/API applications is indeed a topic that has a lot of confusion but also many do things different, but what's probably considered a standard is that you should always assign and provide an actual error code (i.e: ERR1234) for your errors so your users can easily reference it. If you're generous enough, you can also provide the textual representation of the error ("not enough credits"), or be verbose on what field validations failed for example.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
my 2 cents:
A. APIs should definitely use HTTP status codes as part of being RESTful. For example, some times it makes sense to return just 200, but in other cases it makes more sense to return 201 (created), for a POST action for example.
B. Error messages in REST/API applications is indeed a topic that has a lot of confusion but also many do things different, but what's probably considered a standard is that you should always assign and provide an actual error code (i.e: ERR1234) for your errors so your users can easily reference it. If you're generous enough, you can also provide the textual representation of the error ("not enough credits"), or be verbose on what field validations failed for example.