Discussion on: RESTful Security: Plug the Leaks!

Mateus Canello Ottoni

I wrote an article about building better web APIs and I pointed out that I use a similar approach: return 404 not only when the resource does not exist, but also when it does exist and the authenticated user doesn't own it.
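The approach described in the comment above, as an added example that is not part of the original comment or the linked article: a handler that answers 403 for resources owned by someone else is compared with one that returns the same 404 for both "missing" and "not yours". The `DOCUMENTS` store, the `Response` type and all function names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass

# Constructed sample data (assumption, not from the original post).
DOCUMENTS = {
    101: {"owner": "alice", "title": "Q3 budget"},
    102: {"owner": "bob", "title": "Offsite notes"},
}


@dataclass(frozen=True)
class Response:
    status: int
    body: dict


# One shared object so both denial paths return byte-identical output.
NOT_FOUND = Response(404, {"error": "not found"})


def get_document_leaky(user, doc_id):
    """Distinguishes 'missing' from 'not yours', which confirms that an id exists."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None:
        return NOT_FOUND
    if doc["owner"] != user:
        return Response(403, {"error": "forbidden"})
    return Response(200, {"id": doc_id, "title": doc["title"]})


def get_document(user, doc_id):
    """Missing and not-owned collapse into one branch and one response."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc["owner"] != user:
        return NOT_FOUND
    return Response(200, {"id": doc_id, "title": doc["title"]})


def existing_ids_visible_to(handler, user, candidate_ids):
    """Ids whose existence the handler's status codes reveal to `user`."""
    return sorted(i for i in candidate_ids if handler(user, i).status != 404)


if __name__ == "__main__":
    ids = range(100, 105)
    print("leaky:  ", existing_ids_visible_to(get_document_leaky, "alice", ids))
    print("uniform:", existing_ids_visible_to(get_document, "alice", ids))
```

The status code and body are only part of the signal; the two denial paths should also match in headers and logging behaviour visible to the caller.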