When the user enters data and submits that data, we pass it to the server using and XMLHttpRequest. But, if that data fails validation, we have to return a 400 level status code. I thought the appropriate code would be 403. However, my colleague doesn't agree but doesn't know which to use.
Which one would you use?
Thanks!
400 would be more correct, i.e. the request contained invalid data. 403 would imply some kind of permisions error, i.e. the request was well formed and correct but the action was not allowed. If i was writing code to consume a web service and i got a 403 error it would never occur to me that it was because i was sending invalid data, it would be very confusing indeed.