I'm pretty familiar with rest apis, but today I was asked this: "what if a resource exists but it's content have been blocked for some reason?"
example:
try to retrieve users/18
but user with id 18 has been banned/blocked/whatever.
I think the best answer would be to return 204, but how to also inform the client of the reason for the resource is not available to you?
is there a best practice for that?
I think the best answer would be to return 204, but how to also inform the client of the reason for the resource is not available to you?
No, 204 isn't a good choice -- in particular because 204 cannot contain a message body.
I would expect either
The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it. A server that wishes to make public why the request has been forbidden can describe that reason in the response payload (if any).
An origin server that wishes to "hide" the current existence of a forbidden target resource MAY instead respond with a status code of 404 (Not Found).
451 Unavailable For Legal Reasons
This status code indicates that the server is denying access to the resource as a consequence of a legal demand.