API GW should adhere to "Accept" header dictates as much as possible

[mdeuser]

Here is one specific example, although other scenarios likely have the same issue.

1. Create an API that is configured with "Require applications to authenticate via API key" enabled.
2. Invoke the API using curl, but specifying the "Accept" media type as something besides application/json
3. A 401 is returns with a JSON body and "Content-Type" value of application/json

>curl https://service.us.apiconnect.ibmcloud.com/gws/apigateway/api/API-UNIQUE-ID/API-PATH -H "Accept: application/xml"

{"status":401,"message":"Error: Unauthorized"}

[mhamann]

So, in your scenario, let's say you pass an Accept header of text/html. If an API key is required, the gateway responds with 401, but what Content-Type is the response body?

PRs are welcome, btw ;-)

[mdeuser]

I guess the server might be able to support a few "standard" media types and respond with the one that matches the request Accept header. If a server is unable to adhere to the requests Accept set of media types, should it return a 406?

[mhamann]

I think 406 isn't terribly useful, since we don't know exactly what types are allowable and it would be preferable to tell the caller why the call failed even if it's in a format they didn't ask for. Since we'd set the Content-Type to whatever is being returned (which would be application/json by default), then the caller should be prepared to handle that case.