by jto1218 2331 days ago
Shopify’s REST API returns 402s when the shop whose data you’re interacting with hasn’t paid its Shopify bill. Always thought it was an interesting usage ’cause the payment-required relationship is between the shop and Shopify, as opposed to the shop and the application hitting the API.

Actually I'm not sure that is interesting - from Shopify's perspective it is payment-required. If the shop's dodgy JS sent a malformed request body, you'd get a 400 - even though the bad-request relationship is between the shop and Shopify.
It does violate the contract of 4xx errors though, that a 4xx indicates a client error. If the store hasn't paid up, that's not the client's fault nor can they fix it. It should be some kind of 5xx for customers.
If an admin disables your account by accident, that's still a 401. Just because the client can't change something, doesn't mean it doesn't fit along with the 4XX brand.
401 means authentication is required. If Shopify is sending that to clients because an admin disabled access, that's just another example of abusing the error codes.
Yeah ... current practice treats the need for payment as a permissions issue and thus 403.

But in Shopify’s case, the client has no permissions problem.

What you’re describing really is a 500-range issue ... or even an old fashioned 404.

Like I said on another comment, this really is a header or body issue.

Yeah I am thinking 503 to be the most appropriate.