---
uuid:
- fd8226b8-baf9-47d9-9137-1f76c1fc5bd2
attributedTo:
- bumblefudge
---

As written, the test-case [Outbox Servers handling activity submissions MUST return a 201 created HTTP status code](https://codeberg.org/socialweb.coop/activitypub-testing/src/branch/main/src/activitypub-tests/outbox-post-servers-must-return-a-201-created-http-code/outbox-post-servers-must-return-a-201-created-http-code.md#inputs) is only applicable when an outbox is both writeable (by some authorizable other actor, such as a server that authorizes one or more clients to send it writes via POST) and when that authorization can be expressed in an HTTP Authorization header (passed as an input to this test runner).  

It would be more precise and useful for conformance testing if there were additional options or logic to return specific results for other use-cases, such as, totally spitballing here:
- outboxes that are not writeable over HTTP (405 --> inapplicable?)
- outboxes that are writeable but that are not authorizable over HTTP-Authorization header (401 --> Can't tell[^1]?)
- authorization inputs that are invalid (403 --> `Authorization` input invalid?)
- etc. 

(As a web3 aficionado I feel obligated to mention that 402 exists, although I don't think the payment FEPs are far enough along for pay-per-post outboxes to be worth testing yet, hahaha.  maybe include a commented out `//402 TBD` reminder for years down the road?)

[^1]: https://www.w3.org/TR/EARL10-Schema/#CannotTell