There are two methods
1.status_code is all 200, the response body is as follows:
成功

{
  errcode: 0,
  errmsg: null,
  data: obj // 数据主体
}

失败

{
  errcode: 1, // 具体错误代码
  errmsg: '账号错误',
}

2. Process according to different status_code (recommended)
成功(2xx) and return the data directly without additional packaging

[]// 或者{}

失败(4xx,5xx), return errcode and errmsg

{
  errcode: 1,
  errmsg: '账号或密码错误',
}

{status:200,msg:'',data:{}} This should be the return result written by you in the API. For example, the servlet returns a json string containing these 3 fields. In other words, the front end can only read this information when your api returns successfully. If the request fails and cannot be read, you can try requesting a wrong URL from the front end

In fact, if it is standardized, it should be returned like this
header('HTTP/1.0 401 Unauthorized');
header('HTTP/1.0 403 Forbidden');

However, in actual situations, many people will not be so standardized.
Even GET requests and POST requests are being mixed, so how can we talk about standards?

Originally, it should be done according to the regulations, but domestic telecom operators may hijack the redirect. For example, if you return 404, the operator may redirect you to their own navigation website, which would be embarrassing.

The data returned by your interface and the http response are two different things

The code returned by the interface is predetermined. You can set it however you want.

The information you are checking is the status code of the http response and has nothing to do with the return from your interface

Business error code 4xx
Success 200 - 204
System error 5xx