REST API using POST instead of GET

Question

Let's assume a service offers some funcionality that I can use like this:

GET /service/function?param1=value1&param2=value2 

Is it right to say that I can use it with a POST query?

POST /service/function { param1 : value1, param2 : value2 } 

Are these two queries the same? Can I use the second variant in any case or the documentation should explicitly say that I can use both GET and POST queries?

Answer 1

I use POST body for anything non-trivial and line-of-business apps for these reasons:

1. Security - If we use GET with query strings and https, the query strings can be saved in server logs and forwarded as referral links. Both of these are now visible by server/network admins and the next domain the user went to after leaving your app. So if we send a query containing confidential PII data such as a customer's name this may not be desired.
2. URL maximum length - Not a big issue, but some browsers have a limit on the length. So if we have several items in our URL like query, paging, fields to return, etc....
3. POST is not cached by default. Some say caching is desired; however, how often is that exact same set of search criteria for that exact object for that exact customer going to occur before the cache times out anyway?

BTW, I also put the fields to return in my POST body as I may not wish to expose my field names. Security is like an onion; it has many layers and makes us cry!