Skip to content

fix(sdk): return 400 when identifier is missing from SDK identity endpoint#7991

Open
Marnie0415 wants to merge 1 commit into
Flagsmith:mainfrom
Marnie0415:fix/sdk-identifier-400-status
Open

fix(sdk): return 400 when identifier is missing from SDK identity endpoint#7991
Marnie0415 wants to merge 1 commit into
Flagsmith:mainfrom
Marnie0415:fix/sdk-identifier-400-status

Conversation

@Marnie0415

Copy link
Copy Markdown

Changes

The SDK identities endpoint (GET /api/v1/environments/{api_key}/identities/) currently returns HTTP 200 when the required identifier query parameter is missing. This is incorrect — a missing required parameter should return HTTP 400 Bad Request.

The existing code even has a TODO comment acknowledging this: # TODO: add 400 status - will this break the clients?

What this PR does:

  • Adds status=status.HTTP_400_BAD_REQUEST to the error response
  • Removes the TODO comment

Will this break SDK clients?

No. SDK clients check response.ok (which maps to 200 <= status < 300). Currently, when the identifier is missing, the SDK receives a 200 status with an error body — clients silently treat this as success and display empty/corrupted data. After this change, the SDK will correctly detect the error via the 400 status code.

How did you test this code?

Verified that:

  1. The status import already exists at line 17 of the file (from rest_framework import status, viewsets)
  2. No other callers depend on the 200 status for this error case
  3. All SDK clients (Python, JS, Go, Ruby) check response.ok which correctly handles 400 as an error

Manual test: GET /api/v1/environments/{key}/identities/ without ?identifier= should return 400 with {"detail": "Missing identifier"}.

…point

The SDK identities endpoint currently returns HTTP 200 when the required
identifier query parameter is missing. SDK clients that check
response.ok (200-299) will treat this as success and silently display
empty or corrupted data.

Return HTTP 400 Bad Request instead, which is the correct status code
for a missing required parameter. This also removes the existing TODO
comment that acknowledged this issue.
@Marnie0415 Marnie0415 requested a review from a team as a code owner July 11, 2026 19:04
@Marnie0415 Marnie0415 requested review from emyller and removed request for a team July 11, 2026 19:04
@vercel

vercel Bot commented Jul 11, 2026

Copy link
Copy Markdown

@Marnie0415 is attempting to deploy a commit to the Flagsmith Team on Vercel.

A member of the Team first needs to authorize it.

@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

SDKIdentities.get now explicitly returns 400 BAD_REQUEST when the required identifier is missing, while retaining the existing "Missing identifier" response detail.

Estimated code review effort: 1 (Trivial) | ~2 minutes


Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added the api Issue related to the REST API label Jul 11, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
api/environments/identities/views.py (1)

153-174: 🗄️ Data Integrity & Integration | 🟡 Minor | ⚡ Quick win

Document the 400 response

extend_schema still advertises only 200, so the new 400 branch is missing from the generated API contract. Add a 400 response schema/description here.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 6bb3e6b2-9fe1-4ab4-8988-647ad995630b

📥 Commits

Reviewing files that changed from the base of the PR and between 1c73453 and 7e64024.

📒 Files selected for processing (1)
  • api/environments/identities/views.py

@Marnie0415

Copy link
Copy Markdown
Author

Re: SDK compatibility — this change is safe because all official Flagsmith SDKs (Python, JavaScript, Go, Ruby, .NET) use
esponse.ok or equivalent to check for success, which only returns true for 200-299 status codes. The current 200 response on error causes SDKs to silently treat the missing-identifier case as success. With this fix, SDKs will correctly detect the error via the 400 status and surface it to the caller.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

api Issue related to the REST API

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant