Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Sending data via request header vs sending data via request body

Tags:

What is the difference between sending data through the request header and sending data through the request body. Under what circumstances, we have to send the data through the header/body and when shouldn't we send the data through header/body ?

like image 496
UnahD Avatar asked Oct 26 '15 06:10

UnahD


People also ask

What is the difference between HTTP header and HTTP body?

A HTTP body (request) body is the one which carries actual HTTP request data (including form data and uploaded etc.) and HTTP response data from the server ( including files, images etc). While HTTP Request header header can't not contain actual data like as above.

What is the difference between header and body in API?

The header and body in REST API are the components of an HTTP request and response. The header is the part of the request that contains information about the request, and the body is the part of the request that contains the data. The header and body are separated by the HTTP header.

Is header safer than body?

If we continue this idea for headers/body , I would suggest that headers are more likely to be logged if compared to body. At least in our applications we appear to log requests together with headers. From cryptography point of view they are all equal as being transferred all together.

Can we send data in header?

While request header can not contain actual data as mentioned above, you can use request header to send some specific header and based on that you can apply your logic. For instance, while creating a REST API you can send AUTHENTICATION header to verify if request is coming from an allowed user or not.


1 Answers

It is usually a good idea to use the headers for metadata and the body for the data that is used by the business logic.

Some points to consider:

1) If the data is sent via HTTP instead of HTTPS, the proxy servers can modify the headers.

2) If you are using the REST protocol for communication among microservices, interoperability could be important. Most APIs usually do not provide the capability to add/modify custom headers.

3) It is better to have the data that is used by routers/firewalls in the HTTP header and limit the body to application specific information.

like image 111
Pradeep Vairamani Avatar answered Sep 24 '22 15:09

Pradeep Vairamani