Using GET for a non-idempotent request

Question

Simply put, I have a website where you can sign up as a user and add data. Currently it only makes sense to add specific data once, so an addition should be idempotent, but theoretically you could add the same data multiple times. I won't get into that here.

According to RFC 2616, GET requests should be idempotent (really nullipotent). I want users to be able to do something like visit

http://example.com/<username>/add/?data=1

And this would add that data. It would make sense to have a PUT request do this with REST, but I have no idea how to make a PUT request with a browser and I highly doubt most people do or would want to bother to. Even using POST would be appropriate, but this has a similar problem.

Is there some technically correct way to allow users to add data using only GET (e.g. by visiting the link manually, or allowing external websites to use the link). When they visit this page I could make my own POST/PUT request either with javascript or cURL, but this still seems to violate the spirit of idempotent GET requests.

Answer 1

Is there some technically correct way to allow users to add data using only GET ... ?

No matter how you go about letting clients access it, you'll end up violating RFC2616. It's ultimately up to you how you handle requests (nothing's going to stop you from doing this), but keep in mind that if you go against the HTTP specification, you might cause unexpected side-effects to clients and proxies who do abide by it.

Also see: Why shouldn't data be modified on an HTTP GET request?

---

As far as not being able to PUT from the browser, there are workarounds for that ^{[1], [2]}, most of which use POST but also pass some sort of _method request parameter that's intercepted by the server and routes to the appropriate server-side action.