Http status code for bad params in post request

Question

I have a server in which the client can register itself as a device (like a mobile device). For the registration, the device must be associated with another resource (say an user) which is already registered on the server. To do that, the client sends a Http Post request to the server, with two params, its own ID and the associated resource ID.

I need to choose an Http Status code to return when the client ask the server to do some procedure and one of the resources indicated in the parameters are not found.

I suggested 404, but my professor said that 404 is used the resource associated to the URI is not found, not when you submit a well-formed request with bad parameters.

What is the most suitable http status and why would you choose?

Answer 1

In my opinion, it fits to:

400 - Bad Request

The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.

OR

403 - Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

Ref: fc2616

Answer 2

I would use 403 'Forbidden' - meaning, you are forbidden from accessing the page with the request you have sent