I want to know which HTTP method I should use for developing a login API, GET or POST? I have developed my login API in PHP using the POST method, but my boss asks why I use the POST method instead of the GET method.
Always POST, and preferably with SSL (as in: https://...). Because the parameters in GET get stored all over the place for caching reasons.
So, if your boss needs a reason: security.
There is a REST-related reason: the GET queries, first of all, are expected to be aggressively cached, because they do not alter the server state of data. The POST requests instead are expected to never be cached, because they alter the state of the server and (unlike a PUT request) there is no expectation for calling multiple POST requests to return the same response and leave the server in the same state.
For example: if you send 5 login requests that fail, the 6th one can return "your IP has been blocked for 30 min" as a response.
Use POST. With GET the parameters are in the URL, which is very insecure. While https (you are using https, right?) should encrypt everything end-to-end, with GET the parameters will be in plain text in log files and in the user's browser (until the next page is loaded or redirected).
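The log exposure described in the answers can be checked for on an existing server. The following is an added example, not part of any answer above: a Python scan of access logs in Combined Log Format that reports credential-like query parameters in the request line and, going one step beyond the answers, in the Referer field, without echoing the values. The parameter names in `SENSITIVE` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as credentials (assumed list; extend for your API).
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "secret"}

# Combined Log Format: client, timestamp, request line, status, size, referer.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)")?'
)

def leaked_params(url):
    """Return sorted names of sensitive query parameters present in a URL."""
    query = urlsplit(url).query
    return sorted({k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)
                   if k.lower() in SENSITIVE})

def audit(lines):
    """Yield (line_no, ip, field, path, param_names); values are never echoed."""
    for no, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not in Combined Log Format, skip
        for field in ("target", "referer"):
            url = m.group(field) or ""
            names = leaked_params(url)
            if names:
                yield no, m.group("ip"), field, urlsplit(url).path, names

# Constructed sample log lines (documentation IP ranges, fake credentials).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /api/login.php?user=alice&password=hunter2 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "POST /api/login.php HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Oct/2023:13:57:12 +0000] "GET /img/logo.png HTTP/1.1" 200 2048 "https://example.test/api/login.php?user=bob&pwd=s3cret" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The POST login on the second sample line produces no finding because its credentials travel in the request body, which the access log does not record.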