Server Implementation Questions

[Txuritan]

I'm writing a server implementation and have a some questions/thoughts that I have come up with as I worked:

1. The code property in the Error type is of type string, yet the examples show number, I assumed this to be an mistype but I wanted to bring it up.
2. How should the server respond during an error, should the Error type be used or just respond with a 500: Internal Server Error with no body?
3. Is there a reason that 405: Method Not Allowed is used as the example Validation error response, instead of 400: Bad Request?
4. Is there a reason api_key auth schema is not Authorization: Bearer? If not, should the header name not be Api-Key to keep in line with the header of the HTTP headers?
5. Why does GET /subscriptions/{guid} return a Validation error but not GET /subscriptions considering that route has query parameters? Or is that the wrong Error response to use for that?
6. GET /subscriptions/{guid} can respond with 410: Gone, is this used for when the subscription is deleted from the user's subscriptions or server? If user when should it respond with 410: Gone vs responding with the Subscription's deleted property set?
7. Whats the plan on podcast_auth OAuth schema, is the server acting as a OAuth provider? If not is there a plan to tell clients what providers a server supports?
8. On requests with a body (say POST subscriptions), is the Content-Type header required in the request? What should the server do if it wasn't, should it prioritize one over the other?
9. Should requests with Accept: application/xml be restricted to application/xml; charset=utf-8 or is there a need to support UTF-16 as well?

These were jotted down as I went, so do I apologize for how they are written.

[georgkrause]

Hi @Txuritan and thank you for your interest and feedback!

This looks like a pretty good list to go through and check. I will do this soonish and will get back to you!