
REST API using POST instead of GET

Tags: rest, post, get

Let's assume a service offers some functionality that I can use like this:

GET /service/function?param1=value1&param2=value2 

Is it right to say that I can use it with a POST query?

POST /service/function { param1 : value1, param2 : value2 } 

Are these two queries the same? Can I use the second variant in any case, or should the documentation explicitly say that I can use both GET and POST queries?

hank asked Oct 28 '13 14:10



1 Answer

I use POST body for anything non-trivial and line-of-business apps for these reasons:

  1. Security - If we use GET with query strings and HTTPS, the query strings can be saved in server logs and forwarded as referral links. Both of these are now visible to server/network admins and the next domain the user went to after leaving your app. So if we send a query containing confidential PII data such as a customer's name, this may not be desired.
  2. URL maximum length - Not a big issue, but some browsers have a limit on the length. So if we have several items in our URL like query, paging, fields to return, etc....
  3. POST is not cached by default. Some say caching is desired; however, how often is that exact same set of search criteria for that exact object for that exact customer going to occur before the cache times out anyway?

BTW, I also put the fields to return in my POST body as I may not wish to expose my field names. Security is like an onion; it has many layers and makes us cry!

Scott Peal answered Sep 22 '22 05:09
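The log and Referer exposure described in point 1 of the answer can be checked on existing access logs. The following is an added example, not code from the original answer: it assumes Combined Log Format, a hypothetical `SENSITIVE` parameter list, and constructed sample log lines.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: query parameter names treated as confidential (hypothetical list).
SENSITIVE = {"customer_name", "email", "ssn"}

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<pre>\S+ \S+ \S+ \[[^\]]+\] ")(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)'
    r'(?P<mid>" \d{3} \S+ ")(?P<referer>[^"]*)(?P<post>" "[^"]*")$'
)

# Constructed sample lines: a GET with PII in the query string, the same call as a
# POST (the body is never written to the access log), and a Referer leak.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Oct/2013:14:10:00 +0000] "GET /service/function?customer_name=Jane+Doe&page=2 HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [28/Oct/2013:14:10:05 +0000] "POST /service/function HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.9 - - [28/Oct/2013:14:11:00 +0000] "GET /landing HTTP/1.1" 200 128 "https://app.example/search?email=jane%40example.com" "Mozilla/5.0"',
]

def scrub_url(url):
    """Return (url with sensitive query values masked, parameter names found)."""
    parts = urlsplit(url)
    found, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    # Re-encoding normalises percent-escapes of the remaining parameters.
    return urlunsplit(parts._replace(query=urlencode(pairs))), found

def scrub_line(line):
    """Mask sensitive query values in the request target and in the Referer."""
    m = LOG_RE.match(line)
    if not m:
        return line, []  # not Combined Log Format: leave the line untouched
    target, in_request = scrub_url(m["target"])
    referer, in_referer = scrub_url(m["referer"])
    clean = (m["pre"] + m["method"] + " " + target + " " + m["proto"]
             + m["mid"] + referer + m["post"])
    hits = [("request", n) for n in in_request] + [("referer", n) for n in in_referer]
    return clean, hits

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        cleaned, findings = scrub_line(entry)
        print(findings, cleaned, sep="\n  ")
```

The POST line comes back unchanged with no findings because its parameters travel in the body, which the access log does not record.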