Apex REST services without proper exception handling create several serious problems for your application and its users.
When exceptions occur in REST methods without try-catch blocks, Salesforce automatically generates error responses that may expose sensitive system
information. These default error messages can reveal internal implementation details, database schema information, or system configuration that
attackers could exploit.
Unhandled exceptions also result in generic HTTP 500 errors with unhelpful messages, making it difficult for API consumers to understand what went
wrong or how to fix their requests. This leads to poor developer experience and increased support burden.
Additionally, without explicit response handling, your API cannot provide consistent, well-structured responses. Modern REST APIs should return
appropriate HTTP status codes (200 for success, 400 for client errors, 500 for server errors) and structured JSON responses that help clients handle
both success and error scenarios gracefully.
Proper exception handling also enables better logging and monitoring, allowing you to track API usage patterns and identify issues before they
impact users.
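The pattern described above, as an added example (not code from the original page): an Apex REST method that validates its input, catches every exception, chooses the HTTP status code itself and returns one JSON shape for both success and failure. The URL mapping, the Account lookup and the response field names are assumptions.

```apex
@RestResource(urlMapping='/demo/accounts/*')
global with sharing class DemoAccountService {

    // Without this try-catch, any thrown exception (bad Id, no row, SOQL error) would
    // let the platform build the error body, leaking internal details and returning
    // a generic HTTP 500 to the caller.
    @HttpGet
    global static void getAccount() {
        RestRequest req = RestContext.request;
        RestResponse res = RestContext.response;
        res.addHeader('Content-Type', 'application/json');
        // Example path: /services/apexrest/demo/accounts/<Account Id>
        String accountId = req.requestURI.substringAfterLast('/');
        try {
            // Client error: reject malformed input before touching the database.
            if (String.isBlank(accountId) || !(accountId instanceof Id)) {
                writeResponse(res, 400, false, 'A valid Account Id is required', null);
                return;
            }
            List<Account> rows = [SELECT Id, Name FROM Account WHERE Id = :accountId LIMIT 1];
            if (rows.isEmpty()) {
                writeResponse(res, 404, false, 'Account not found', null);
                return;
            }
            writeResponse(res, 200, true, 'OK', rows[0]);
        } catch (Exception e) {
            // Keep the stack trace and exception message in the debug log for
            // monitoring; the caller only sees a fixed, non-revealing message.
            System.debug(LoggingLevel.ERROR,
                'getAccount failed: ' + e.getMessage() + '\n' + e.getStackTraceString());
            writeResponse(res, 500, false, 'Internal server error', null);
        }
    }

    // Single place that shapes every response, so clients can always parse
    // {"success": ..., "message": ..., "data": ...} regardless of outcome.
    private static void writeResponse(RestResponse res, Integer status, Boolean success,
                                      String message, Object data) {
        res.statusCode = status;
        Map<String, Object> body = new Map<String, Object>{
            'success' => success,
            'message' => message,
            'data'    => data
        };
        res.responseBody = Blob.valueOf(JSON.serialize(body));
    }
}
```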
What is the potential impact?
Unhandled exceptions in REST services can lead to information disclosure vulnerabilities where sensitive system details are exposed to external
callers. This creates security risks and may violate data protection requirements.
Poor error handling also degrades API reliability and user experience, potentially causing integration failures and increased support costs.