I am a C# dev, and his content is invaluable!

Nick Chapsas alt account confirmed

Also as of this comment, RFC-9457's status is still 'PROPOSED STANDARD'. So currently 7807 is still the standing standard.

RFC 9457 is that type can use a shared registry (most were already doing this), that validation errors has an errors array with description and they tried to be more clear. It's just a continuation of RFC 7807.

If you've separated your application layer from your presentation layer (API), then the validation will likely happen in the application layer, and that will not know anything about HttpResponses. So you're back to the same problem. How does your application layer return an error? Is that via an Exception, or some other tuple/result class. If you're in your controller anyway, you can return whenever you like, using whatever response class you like.

You should use a separate class for each response type and it's okay if they're different or the same. You can repy on the OpenApi schema to know what the response looks like on the client. Error responses should be standardized though for your API, preferably using ProblemDetails

@@Dustyy01 yeah this too.

If the exception really is an exception, i.e. there is something wrong, it is not thrown often and therefore should not have a great impact in most use-cases. What should be avoided is using exceptions for control flow. E.g. if you had a cache that would throw a NotFoundException if you pass a non-existent key and you would wrap that in try-catch and go to the DB in the catch or something like that

Like I said, I'm against it 100% but you know how it is. People still use it so I thought I'd show it

​Possible new part 2 showing a better way to do it without throwing exception ? Just an idea 💡

Your operation can't continue because a business rule is not met, how is that not exceptional to so many people?

​@@SuperLabeledTo most (including me) it's a violation of a defined requirement, not an unexpected exception. It's also easier to test imo.

@@SuperLabeled Exceptions should represent an unexpected error. Bad requests are part of normal app behaviour - not at all unexpected, thus not quite "exceptional". At least that's how I see it.

Easy way out sounds good. Is the harder way out better?

@aliengarden more customizable, and exceptions tend to be memory and flops heavy.

Don't go too fast, they're still busy with s4hana migration

A ProblemDetails response should also set the Content-Type header to "application/problem+json" so you'll know response is a problem details response.

​@@dylan8463 Thank you for the answer. I am more interested in the following part. For example, if I use Refit or just the base HttpClient, what should be the return type? Should it be Result, and should I create the result based on the header?

@@Suv3g00 Ah sorry I misinterpreted your question. Personally in a Blazor project I made my own EnsureSuccessStatusCode extension method that parses the problem details response and throws a custom problem details exception, when the response is not 2xx. You could do something similar with the Results pattern too.

The title and detail are in my case templated, localized strings that contain specific details to this occurrence of the error that is read by a human, while the type is a machine readable type for the error as it relates to my application, docs specify it should be an URI-like thing, like one type here is "employee/update/errors/inactive-department"

TraceId is used to track the flow of requests through multiple services, not for debugging individual application code.

They are used to follow the specific request in logs. The exception and stack trace are in your logs, alongside the trace ID.

@@Kwpolska So, in other words, you still need a log with some meaningful text, to see what happened. In that case, why not to use GUID/UUID? What is so special about TraceID if you need to "pair" it with a log?

@@martink.7497 Why invent your own ID if there's already TraceID? Plus, it is passed in HTTP request headers, so that you can correlate requests made from one service to the other.

The easiest way would probably be to use the Extensions dictionary on the ProblemDetails type and put it there (get the code from your domain exception or whatever you app has for this)

You Could set the Detail in problem details. If want more specific then like Nick did at 5:03, you could add a property using Extensions. For Example I add an array of error strings or a dictionary of error code string, description string. I generally just pass the domain error. So using ErrorOr I set the error code and error description, map that to a dictionary

I use a static class with an enum for error codes like USER_NOT_FOUND then use a (frozen) dictionary for error descriptions, one for each language. this class is in a shared project that the client and server use I'm gonna watch the video and see if there's a better way to do this.

If it's used more than once, usually standardize it in a Dto, extend problem details with custom error message/codes set. If UI needs a custom error message, that's on them, they can use status code and title, and ignore the message (did this for e.g. translation stuff). Most of the time your message text is the same in back-end and front-end though, since validation error will just be "Name is required" or something like that.

I think he did swap them accidentally

You need a monadic type with a succes and an error value often called an 'Either' (in C# another popular name is 'Result'). You then build a monadic pipeline where the input is the request and the output the response. First step is typically to transform the request into a valid request. You then continue with more transformations until you have the response. Notice that the success type can change at each transformation. However, the error type is always the same. In this context the error type can be a problem details or something that can be converted into a problem details. The validation method would take the request as the input and return either a valid request or a problem details (wrapped into the monad). Each subsequent transformation takes the succes type of the previous step as the input and produces a new success type for the next step. By the wonders of the bind operator you can then build a succinct data transformation pipeline using monads. At the end of the pipeline you match the value of the monad into perhaps a 200 OK payload or a problem details with varying HTTP status. Notice that validation often consists of many smaller steps that lends itself to be implemented using monads and doing that gives you nicely composable validation rules. Rules like "string is not empty" and "integer is positive" that return an 'Either' can be composed into more complex rules using the bind operator. Unfortunately, you might try this approach together with async methods and run into problems and that's because 'Task' also is a monad. Nested monads can be troublesome but there are ways to deal with that. It just require a bit more work but the end result can still be great.

@@MartinLiversage What is a bind operator in C#? Is it related to linq's SelectMany? Also, it would be terrific if you can point to a repo that illustrates this approach.

Same here, ironically enough

Go wash your mouth out with SOAP 😊

Agreed otherwise your force the integrator to handle multiple paths and parsing. Auth, validation, errors, and actual result

eeewww I hate APIs that do this. It's the worse

@@dylan8463 you probably dont handle all the possibilities in the ones you love

Unironically, yes. This standard basically adds nothing useful.

God forbid explaining why do you think that and what better alternative you have.

I was looking for something like this in the comments, isn't it bad practice to throw exceptions instead of returning something? Even Nick had mentioned it in an older video that it is.

@@dimitrislaliotis504 It's opinion, not bad practice.

@vonn9737 some say it's performance hit also

@@dimitrislaliotis504 Yes. I think Nick did a video on it, and found throwing exceptions were about 3 times slower than error handling without exceptions. But that doesn't make it bad practice, it's just a design consideration.

It comes down to how and where you use it. IF you throw exceptions for everything then yes, it's bad practice. IF you mange most of your error with results and have some corner cases/global handler with exceptions it shouldn't have a big impact.

It will on the update

Logging correlation. If you have multiple systems calling each other you can follow the entire flow. Works best if you use something more than just text files for logging, but even in a text file it is better than nothing.

It's even more terrible on Linux, especially with the watcher stuff

@@geraldmaale that's terrible

@hopkientran2534 yh, so I stick with VS Code as my possible (Linux and Windows) until I need some heavy refactoring to do. VS 2022 has also caught up a bit 😊

Define too much RAM usage. Is it causing actual out of memory usage issues for other processes? Lots of programs ask for more RAM than they need and will release it when the system requests it, this avoid fragmentation issues and means you get more efficient GC. There's a toggle for "show memory indicator", you can see use vs allocated, e.g. I am using 1.7GB/3.4GB (+1GB for back-end bit on top), you can lower this via "change memory settings", but 4GB is really not much for heap. If you have

then you're just hurting whoever is using the API, and they'll hunt and find you

Malicious actors aren't deterred by that. Only clients.

If you want to return more detail while developing locally and then restrict it once deployed to your server, you could inject IHostEnvironment and determine your environment and the level of detail you want to return. I would also suggest injecting ILogger and logging the exception so that once deployed, you can find the problem and the larger detail in your logs.

You also conditionally compile it with compiler directives. DEVs build the debug version that gives them more info and server build the prod version without the details.

Remember, there's no security in obscurity. Give just enough information in the details to help a client fix the error on his side (or help you debug the error), but not too many to help attackers.

if the concept of exception still same, exception usually faster but it has cost. exception basically an interrupt, it's order to system/thread pool "stop whatever you are doing, we have problem!". so throw exception for validation, it should faster but it's like saying "all of you, stop what you are doing, this guy send wrong character", it's unnecessary cost to the thread. throwing exception should be critical issue, such attempt access violation, etc.

It does not matter. You optimize the happy path, not the other way around. Unless you actually expect to be bombarded with a lot of bad requests. But then the question is: why is that?

In my testing I had about 5-20ms to return a Result, same request with exceptions took about 80ms on average and on initial throw it went up to 200ms+... for a simple NotFound response.

They do... as a matter of fact, the ControllerBase has a PropertyDetailsFactory property which you can use by creating a custom implementation, registering it, and then use the built-in Problem method to invoke it.

Datadog should only be handling uncaught exceptions, so stuff like user id doesn't exist on login are common ones and you'd use a key not found exception and should end up being grouped (be it by endpoint or type or both). For us, entire company moved off of datadog as just too expensive for what it is if have entire dev and devops team already to manage open telemetry and grafana dashboards (and can reuse most templates). If you're C#, often hosted on Azure, Azure Insights is also great.

Yeah every language should implement it in some way

@@nickchapsas I think they meant different human languages, not programming languages

Ok, all properties included in the standard use one-word-only names (e.g. 'status' instead of 'status_code'), so I guess they did think about this beforehand!

This is the coolest way possible

I've ran in this kind of shit so many times, I'm impressed how much effort is taken to develop this kind of shit

This in fact makes a lot of sense. It is not perse REST but more like RPC. I use it in all my services. When I get a 404, I know that it is infrastructure related, VPN issue, Firewall issue, Company policy, Azure Gateway issue or whathever, but has nothing to do with my service. I use UseCase driven development so my Usecase (like vertical slices) give a Response.success(response object), or Response.error(ERRORS.USER_NOT_FOUND....) which is not aware of infrastructure, so I can use that response to map it to HTTP responses or back to my CLI programm for example.

@@richard-t7c5o I'm very glad I'm not a consumer of your services then

Both, you code to check against the status code if error or not, title to map error if custom message, and if not pass the rest back/up the chain through systems and a human can read it at the end to know what the issue is. Just a 400 is going to be annoying, and lots did that because every error response was different, so couldn't easily map it, this solves that.

You don't seem to know what Problem details are then. They're just a standardized format so any system can at least read status and title. It's got extension members as part of the spec (rfc7807 3.2 "Extension Members"), usually add extra stuff there like traceId. The new RFC just adds "type" to a common registry schema, which most organizations were already doing to their own registry. I have yet to find a use-case where ProblemDetails or ValidationProblemDetails doesn't cover every use-case easily, all it's done is standardize that we write e.g. detail instead of details, and errors as error array instead of just error and then the other half uses errors in the same system.

I strongly disagree my friend. Dark mode is essencial on the screen age

@@afonsocarvalho3124 I agree with @mmuekk, dark mode is so much difficult, specially if it is sunny.

I would stop watching if he did light mode since i can't control that on my end in any way

At a lower resolution, sometimes, but for most of us as devs we have dark mode and usually better bandwidth, so much prefer not looking at a flashlight.

In case of error you can log the "description" so you don't have to go all the time to some manual with the mapping of codes-description.

@@GeorgeGeorge-u5k A well-named error code (aka string, enum) will tell you all you need without a description. We do it all the time in our code.

Depends what kind of error codes you return. If you return something like 1337 as error code then you need to document, include as description or have some other method to translate the error code. A named error code "WrongUnit" might be an option. But it is not really an enum but rather an enum name as string. Also the producer might have a lot of error codes which might be changed so logging the error description might be reasonable and not lazy. Anyway I do think it is good to have a unique error code so yuo can translate the error to the user (ithe rin non technical terms or actual translation to user's language)

@@Sayuri998 because the overhead is minimal for most systems, dumping the error into logs is the exact right thing to do with enough info that you can understand the entire error when looking at it later as dev, and you want the error descriptive enough that another dev integrating with your system can understand it/what the correct thing to do is (and avoid the support call).

@@Masterrunescapeer Right, but my argument is how is a web api different from directly calling a library method? We don't return error strings in our error objects. If the error code (a string, not a number) is clearly named, the developer will understand what it means. The first time they see it, they probably have to look it up in the documentation, but that's the same for an error string too. (And I would argue that you SHOULD look up errors when you see them.)

Then they will not know what happened or what to do

@dimitrislaliotis504 having a wrapper class of Response with a bool IsSuccess, T Data, and string Message is better imo

The client already has to handle many paths - they have to differentiate successful responses from errors. Returning a proper HTTP code makes this easier, as you don't have to parse the response to know whether it's an error or not. This also means that analyzing the error rate is easier, as you can use the web server's logs (which contain the HTTP status code)

@Daniel15au and 404 and why 304 how about 201. Why not just map every conceivable outcome so you can be as rest complaint as possible.

Client goes from handling a success message and any number of different error messages to handling just success and problem details. For e.g. front-end can check if not success, check title, if known title (or type with new one) and I want a specific error for that one, or pass through detail or just say error. This avoids the issue of e.g. "error" or "errors" or error being e.g. request param name. RFC9457/7807 both have a JSON object example.