HTTP conventions in API endpoints
Ensure that for any new endpoint, the status code is matched with the correct purpose:
- Use `401 Unauthorized` for authentication failures (when credentials are missing or invalid)
- Use `403 Forbidden` for authorization failures (when user is authenticated but lacks required permissions)
- Use `404 Not Found` for resources that don't exist
- Use `400 Bad Request` for invalid request parameters
- Use `500 Internal Server Error` for server-side errors
Install this rule for wispbit
Manual install
Copy the rule
---
include: *.py
---
Ensure that for any new endpoint, the status code is matched with the correct purpose:
- Use `401 Unauthorized` for authentication failures (when credentials are missing or invalid)
- Use `403 Forbidden` for authorization failures (when user is authenticated but lacks required permissions)
- Use `404 Not Found` for resources that don't exist
- Use `400 Bad Request` for invalid request parameters
- Use `500 Internal Server Error` for server-side errors
Bad:
```python
from flask import Flask, jsonify

app = Flask(__name__)

# Wrong status code for permission error.
# `user` is the request's principal, supplied by the app's auth layer (not shown here).
@app.route('/resource')
def get_resource():
    if not user.is_authenticated:
        return jsonify({"error": "Permission denied"}), 401
    if not user.has_permission('read_resource'):
        return jsonify({"error": "Permission denied"}), 401  # Wrong code: the caller is authenticated, so this is an authorization failure
    # ...
```
Good:
```python
from flask import Flask, jsonify

app = Flask(__name__)

# Correct status codes for different scenarios.
# `user` is the request's principal, supplied by the app's auth layer (not shown here).
@app.route('/resource')
def get_resource():
    if not user.is_authenticated:
        return jsonify({"error": "Authentication required"}), 401  # Who are you? Credentials missing or invalid
    if not user.has_permission('read_resource'):
        return jsonify({"error": "Permission denied"}), 403  # Correct code: known caller, insufficient permissions
    # ...
```
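The rule above only shows the 401/403 pair. The following added example (written for this page, not part of the wispbit rule and deliberately framework-free so it runs without Flask) walks one handler through all five codes the rule names, with the check order and the `WWW-Authenticate` header a 401 is required to carry; the token table, resource store and `failing_lookup` are constructed for the demonstration.

```python
from dataclasses import dataclass, field

# Constructed sample data for this example: bearer tokens -> principal, and a resource store.
@dataclass
class User:
    name: str
    permissions: set = field(default_factory=set)

TOKENS = {"tok-alice": User("alice", {"read_resource"}), "tok-bob": User("bob")}
RESOURCES = {"42": {"id": "42", "owner": "alice"}}

def authenticate(headers):
    """Return the principal for a valid `Authorization: Bearer <token>` header, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    return TOKENS.get(token)

def get_resource(headers, resource_id, lookup=RESOURCES.get):
    """Return (status, headers, body). The order of checks selects the status code:
    401 (unknown caller) -> 403 (known caller, no permission) -> 400 (bad input) -> 404 (absent) -> 500 (our fault).
    Identity and permission are checked before input validation so an unauthenticated
    caller learns nothing about how the endpoint parses its input."""
    try:
        user = authenticate(headers)
        if user is None:
            # 401 is about *who*: RFC 7235 requires WWW-Authenticate so the client knows how to retry.
            return 401, {"WWW-Authenticate": 'Bearer realm="api"'}, {"error": "Authentication required"}
        if "read_resource" not in user.permissions:
            # 403 is about *what*: credentials were valid, so asking for them again (401) would be wrong.
            return 403, {}, {"error": "Permission denied"}
        if not resource_id.isdigit():
            return 400, {}, {"error": "resource id must be numeric"}
        resource = lookup(resource_id)
        if resource is None:
            return 404, {}, {"error": "Resource not found"}
        return 200, {"Content-Type": "application/json"}, resource
    except Exception:
        # Server-side fault: log it on the server (omitted here); never echo exception text to the client.
        return 500, {}, {"error": "Internal server error"}

def failing_lookup(resource_id):
    """Constructed stand-in for a backend outage, used to exercise the 500 branch."""
    raise RuntimeError("backend unavailable")
```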
Add the rule to your project as `.wispbit/rules/flask-http-conventions.md`.
Install this rule for Coderabbit
Copy the configuration below and add it to your repository as `.coderabbit.yml` in your project root.
reviews:
  path_instructions:
    - path: "*.py"
      instructions: |
        Ensure that for any new endpoint, the status code is matched with the correct purpose:
        - Use `401 Unauthorized` for authentication failures (when credentials are missing or invalid)
        - Use `403 Forbidden` for authorization failures (when user is authenticated but lacks required permissions)
        - Use `404 Not Found` for resources that don't exist
        - Use `400 Bad Request` for invalid request parameters
        - Use `500 Internal Server Error` for server-side errors
        Bad:
        ```python
        from flask import Flask, jsonify

        app = Flask(__name__)

        # Wrong status code for permission error.
        # `user` is the request's principal, supplied by the app's auth layer (not shown here).
        @app.route('/resource')
        def get_resource():
            if not user.is_authenticated:
                return jsonify({"error": "Permission denied"}), 401
            if not user.has_permission('read_resource'):
                return jsonify({"error": "Permission denied"}), 401  # Wrong code: the caller is authenticated, so this is an authorization failure
            # ...
        ```
        Good:
        ```python
        from flask import Flask, jsonify

        app = Flask(__name__)

        # Correct status codes for different scenarios.
        # `user` is the request's principal, supplied by the app's auth layer (not shown here).
        @app.route('/resource')
        def get_resource():
            if not user.is_authenticated:
                return jsonify({"error": "Authentication required"}), 401  # Who are you? Credentials missing or invalid
            if not user.has_permission('read_resource'):
                return jsonify({"error": "Permission denied"}), 403  # Correct code: known caller, insufficient permissions
            # ...
        ```
Install this rule for Greptile
Greptile rules can be added through the web interface. Please see this documentation for details on how to add custom rules and context.
Install this rule for GitHub Copilot
Copilot instructions can be added through the interface. See the documentation for details on how to create coding guidelines.
Install this rule for Graphite Diamond
Diamond custom rules can be added through the interface. See the documentation for details on how to create custom rules.
Use with Cline
Copy the rule above (the `.wispbit/rules/flask-http-conventions.md` content) and ask Cline to review your code using this rule.
Use with OpenAI Codex
Copy the rule above (the `.wispbit/rules/flask-http-conventions.md` content) and ask OpenAI Codex to review your code using this rule.
Use with Cursor
Copy the rule above (the `.wispbit/rules/flask-http-conventions.md` content) and ask Cursor to review your code using this rule.
Use with Claude Code
Copy the rule above (the `.wispbit/rules/flask-http-conventions.md` content) and ask Claude Code to review your code using this rule.