AC-746: Malformed request body or parameters cause "Internal Server Error"

sumesh-GL · sumesh-GL · commit 9e7dae9b9247 · 2025-07-03T14:55:42.000+05:30
Update API response, to change malformed param request to respond with 400 instead of 500
diff --git a/app/code/Magento/Webapi/Controller/Rest/SynchronousRequestProcessor.php b/app/code/Magento/Webapi/Controller/Rest/SynchronousRequestProcessor.php
@@ -94,16 +94,7 @@ public function process(\Magento\Framework\Webapi\Rest\Request $request)
         /**
          * @var \Magento\Framework\Api\AbstractExtensibleObject $outputData
          */
-        try {
-            $outputData = call_user_func_array([$service, $serviceMethodName], $inputParams);
-        } catch (\Exception $e) {
-            // Re-throw other exceptions as WebapiException with 400 status code
-            throw new WebapiException(
-                new Phrase($e->getMessage()),
-                0,
-                WebapiException::HTTP_BAD_REQUEST
-            );
-        }
+        $outputData = call_user_func_array([$service, $serviceMethodName], $inputParams);
 
         $outputData = $this->serviceOutputProcessor->process(
             $outputData,
diff --git a/lib/internal/Magento/Framework/Webapi/ErrorProcessor.php b/lib/internal/Magento/Framework/Webapi/ErrorProcessor.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2012 Adobe
+ * All rights reserved.
  */
 declare(strict_types=1);
 
@@ -43,6 +43,17 @@ class ErrorProcessor
 
     public const DATA_FORMAT_XML = 'xml';
 
+    /**
+     * Client error keywords
+     */
+    private const CLIENT_ERROR_KEYWORDS = [
+        'sqlstate',
+        'missing required',
+        'doesn\'t exist',
+        'not found',
+        'not authorized',
+    ];
+
     /**
      * @var \Magento\Framework\Json\Encoder $encoder
      */
@@ -145,6 +156,10 @@ public function maskException(\Exception $exception)
                 $stackTrace
             );
         } else {
+            // Check if this is a client error based on message content
+            $httpCode = ($this->isClientError($exception))
+                ? WebapiException::HTTP_BAD_REQUEST
+                : WebapiException::HTTP_INTERNAL_ERROR;
             $message = $exception->getMessage();
             $code = $exception->getCode();
             //if not in Dev mode, make sure the message and code is masked for unanticipated exceptions
@@ -157,7 +172,7 @@ public function maskException(\Exception $exception)
             $maskedException = new WebapiException(
                 new Phrase($message),
                 $code,
-                WebapiException::HTTP_INTERNAL_ERROR,
+                $httpCode,
                 [],
                 '',
                 null,
@@ -167,6 +182,21 @@ public function maskException(\Exception $exception)
         return $maskedException;
     }
 
+    /**
+     * Determine if an exception is a client error based on message content and context
+     *
+     * @param \Exception $exception
+     * @return bool
+     */
+    private function isClientError(\Exception $exception)
+    {
+        $message = strtolower($exception->getMessage());
+
+        return array_filter(self::CLIENT_ERROR_KEYWORDS, function($keyword) use ($message) {
+            return strpos($message, $keyword) !== false;
+        }) !== [];
+    }
+
     /**
      * Process API exception.
      *
