What's an appropriate HTTP status code to return by a REST API service for an expired entity?

Question

Let's say we have an online shop and receive a valid request of updating some order.

The request is valid by itself, but let's say that the order has an expiration time, and it has already expired, so this request is unprocessable in fact.

I doubt if it is a kind of validation error or not. Because, as I stated above, the request itself is valid; and a request sender might not know that order has already expired.

What's an appropriate HTTP status code to return by a REST API service for such a situation?

Warning: Due to the general requirements for the product, it should be some of 4XX error codes!

UPD: More information: this putative "order" still exists, even being expired. It is possible to retrieve it, but it is not possible to operate it anymore. That's why the code 404 (for example) is not appropriate.

Answer 1

My own version:

I think that for such situation the 410 status code is most appropriate:

The 410 response is primarily intended to assist the task of web
maintenance by notifying the recipient that the resource is
intentionally unavailable and that the server owners desire that
remote links to that resource be removed. Such an event is common
for limited-time, promotional services and for resources belonging to individuals no longer associated with the origin server's site. It
is not necessary to mark all permanently unavailable resources as
"gone" or to keep the mark for any length of time -- that is left to
the discretion of the server owner.

https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html:

The requested resource is no longer available at the server and no forwarding address is known. This condition is expected to be considered permanent. Clients with link editing capabilities SHOULD delete references to the Request-URI after user approval. If the server does not know, or has no facility to determine, whether or not the condition is permanent, the status code 404 (Not Found) SHOULD be used instead. This response is cacheable unless indicated otherwise

Answer 2

Use 410 Gone.

The target resource is no longer available at the origin server and that this condition is likely to be permanent.

Answer 3

I would choose one of these: 400 - Bad request 410 - Gone

from : https://en.wikipedia.org/wiki/List_of_HTTP_status_codes

Answer 4

I'll say that 400 fits better than 410.

IMO 410 (Gone) doesn't fit because the resource is not gone. It's still there, simply in kind of a final (in this case expired) state.

400 means BadRequest. Per my interpretation, trying to UPDATE something, that is not updatable (trying to update expired item) is a BadRequest.

I believe, that 400 is not only for badly formatted requests, but also for requests that does not meet internal business logic validation (in this case, not updating an expired item, is an internal business logic).