| Bad Request
| The request was invalid. A descriptive error message will be sent within the response body.
|-
| 401
| Unauthorized
| The client has failed or not yet tried to authenticate.
|-
| 403
| Forbidden
| The client is not allowed to access the requested resource.
|-
|-
| 401409| UnauthorizedResource Conflict| The client has failed or not yet tried to authenticate. |-| 403| Forbidden| The client is not allowed to access State of the requested resourcedoesn't permit request.
|-
* the service must recognize <code>ETag</code>, <code>Last-Modified</code> and <code>Cache-Control: none</code> provided by the client and act accordingly.
* every answer to a GET request must include proper <code>Cache-Control</code> headers
* every PUT and PATCH request to update an object must include the <code>ETag</code> provided by the <code>GET</code> request to fetch the object initially. The API must respond with an <code>428 (Precondition Required)</code> if the ETag is missing.
''Implementation notes'':