
Empty HTTP POST request or GET request to generate a random value through an HTTP API

In my HTTP API, one of the endpoints should return a randomly generated value and that value will be associated with the authenticated caller of the endpoint. Currently, I have the following structure:

GET http://example.com/random-ticket HTTP/1.1
Authorization: Basic base64-encoded-basic-auth-value
Accept: application/json
Host: example.com

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json; charset=utf-8
Date: Thu, 03 Oct 2013 07:25:56 GMT
Content-Length: 59

{"user-ticket":"Pfa42634e-1a2e-4a7d-84b9-2d5c46a8dd81"}

A GET request is issued to retrieve the random value. However, HTTP GET calls should be idempotent and my above implementation is not obeying that rule. On the other hand, I'm not sure if it's OK to issue HTTP POST requests with an empty message body.

What is the right way of performing this type of operation by the HTTP book?

tugberk asked Oct 09 '13 07:10



1 Answer

  • Safe => whether call results in a change of state on the server.
  • Idempotent => whether multiple calls result in the same change on the server.

So the question is not the data that is returned. Rather it is the server state: so if you are storing this value on the server this results in a change in the state, then it is not fit for GET. Otherwise if it is the data that is returned, it is fine. Call to http://stackoverflow.com returns different data if called 10 minutes apart.

Let's look at another example, a Clock service which returns the current time. Every time you make the call, you get a different value but the call itself does not result in a change in the state on the server since the clock state is maintained separately. So using GET here is a good choice.

Aliostad answered Oct 06 '22 21:10
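As an added example (not part of the original answer or of any project's code), here is a minimal Python server that applies the distinction drawn above: GET /time only reads state, while the ticket is stored per caller and is therefore created by an authenticated POST with an empty body. The /time path, the in-memory TICKETS store, the helper names and the skipped password check are assumptions of the demo.

```python
import base64, json, secrets, threading, time
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

TICKETS = {}  # server state: user -> ticket (in-memory store, demo assumption)

class Handler(BaseHTTPRequestHandler):
    def log_message(self, *args): pass  # keep the demo quiet

    def _send(self, status, payload, **headers):
        body = json.dumps(payload).encode()
        self.send_response(status)
        base = {"Content-Type": "application/json", "Content-Length": len(body)}
        for name, value in {**base, **headers}.items():
            self.send_header(name.replace("_", "-"), str(value))
        self.end_headers()
        self.wfile.write(body)

    def _user(self):  # parses Basic auth only; password checking is omitted here
        scheme, _, value = self.headers.get("Authorization", "").partition(" ")
        try:
            return base64.b64decode(value).decode().partition(":")[0] if scheme == "Basic" else ""
        except ValueError:  # bad base64 or bad UTF-8
            return ""

    def do_GET(self):
        if self.path == "/time":  # hypothetical path; safe: reads the clock, stores nothing
            return self._send(200, {"now": time.time()}, Cache_Control="no-cache")
        self._send(405, {"error": "use POST"}, Allow="POST")  # GET never mints a ticket

    def do_POST(self):  # no body is read: Content-Length: 0 is a valid POST
        if self.path != "/random-ticket":
            return self._send(404, {"error": "not found"})
        user = self._user()
        if not user:
            return self._send(401, {"error": "auth"}, WWW_Authenticate='Basic realm="demo"')
        TICKETS[user] = secrets.token_urlsafe(24)  # state change, hence POST
        self._send(201, {"user-ticket": TICKETS[user]}, Cache_Control="no-store")

def start_server():
    server = ThreadingHTTPServer(("127.0.0.1", 0), Handler)  # port 0 = any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def call(port, method, path, user=None):
    headers = {"Content-Length": "0"} if method == "POST" else {}  # empty body
    if user:  # constructed credentials; the password is never verified in this demo
        headers["Authorization"] = "Basic " + base64.b64encode(f"{user}:pw".encode()).decode()
    conn = HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, headers=headers)
    resp = conn.getresponse()
    return resp.status, json.loads(resp.read())
```

Because caches, prefetchers and crawlers may repeat a GET on their own, keeping the ticket-minting call on POST and marking its response no-store stops a ticket from being issued or replayed without the caller asking for it.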