My use-case is that a given user can only make one resource with a given checksum. This checksum is provided in the Repr-Digest header in the initial request and validated on upload completion. The resource URI itself is not a checksum, but a UUID. Once the client has created the resource with the initial POST request, it should either complete it (possibly in multiple parts) or cancel it. Once cancelled, the user is allowed to create a new resource with a different UUID for the same checksum.

The spec is clear enough that a complete resource should not be modified and provides a response to use for this case. However, what should happen if the client creates this resource without completing it, then tries to create it again?

• Should it be rejected with a 400 code?
• Should it cause the incomplete resource to be invalidated?
• Should it include a Location header to direct it to the existing resource?
• Should it truncate the existing resource and start over?

Given the client needs to know the resource in order to resume or cancel it in this case, I think it makes sense to include the Location header with an error status code to allow them to take further action, possibly also including the Upload-Offset.