What is the HTTP status code for License limit reached
There's no HTTP status code for quota exceeded, however there are a few HTTP status code that would be suitable for this situation provided you add a good description in the response payload.
If the quota of requests has been exceeded, but more requests could be performed upon a payment, you could consider the 402
status code (even though the documentation says it's reserved for future use, its reason phrase is pretty clear and defines well its purpose):
6.5.2. 402 Payment Required
The
402
(Payment Required) status code is reserved for future use.
You could use 403
to indicate the request is forbidden when the quota of requests has been exceeded. A good description in the request payload is always welcome:
6.5.3. 403 Forbidden
The
403
(Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any). [..]
If you are applying restrictions on the number of requests per hour/day, the 429
status code may be suitable for your needs (however this status code is used by a server to indicate that too many requests have been received in a short amount of time, that is, the client is throttling):
4. 429 Too Many Requests
The
429
status code indicates that the user has sent too many requests in a given amount of time ("rate limiting").The response representations SHOULD include details explaining the condition, and MAY include a
Retry-After
header indicating how long to wait before making a new request.For example:
HTTP/1.1 429 Too Many Requests Content-Type: text/html Retry-After: 3600 <html> <head> <title>Too Many Requests</title> </head> <body> <h1>Too Many Requests</h1> <p>I only allow 50 requests per hour to this Web site per logged in user. Try again soon.</p> </body> </html>
Note that this specification does not define how the origin server identifies the user, nor how it counts requests. For example, an origin server that is limiting request rates can do so based upon counts of requests on a per-resource basis, across the entire server, or even among a set of servers. Likewise, it might identify the user by its authentication credentials, or a stateful cookie.
Responses with the
429
status code MUST NOT be stored by a cache.
The HTTP status codes are extensible. If the aboved mentioned status codes do not fit your needs, you could create your own status. Since it's a client error, the new status code should be in the 4xx
range.
422 Unprocessable Entity should work in this case. The request itself is well formed sytactically. The problem is in the current conditions, because the user reached the limit. The error response should be helpful how to solve this status quo. https://httpstatuses.com/422
My second bet is 409 Conflict but is tied to versioning and colliding changes. https://httpstatuses.com/409
I think that is a "Business logic error" and 422 Unprocessable Entity, can be better.
The HyperText Transfer Protocol (HTTP) 422 Unprocessable Entity response status code indicates that the server understands the content type of the request entity, and the syntax of the request entity is correct, but it was unable to process the contained instructions.
See documentation