Geek asks and answers

GET vs POST in REST web service

I am developing a REST service that allows the user to require listing based on several pieces of information that appear on their invoice (invoice number and invoicing zip code).

I have read countless articles and questions about when to use GET and when to use POST. In general, the general consensus is that GET should be used for idempotent operations, and POST should be used for operations that create something on the server side. However, this article:

http://blog.teamtreehouse.com/the-definitive-guide-to-get-vs-post

raised my question about using GET for this particular scenario, simply because I use these 2 pieces of information as a user authentication mechanism. I am not updating anything on the server with this particular method call, but I also don’t necessarily want to display the information in the URL.

This is an internal web service, and only the external interface that calls the service is publicly open, so I don’t have to worry about the URL displayed in the user's browser history. My only problem would be an unlikely event when someone gets access to the server log, in which case I will have problems.

I tend to POST for security reasons; however, GET feels like the right method because the request is idempotent. What is the recommended method in this case?

+5
3

POST GET, , -. , ( ), - voila, .

( , HTTP), - , -, URL-, GET.

, , POST , GET, .

+5

POST GET . , URL-, REST, , URL- .

0

. -, GET , GET ting ; , . -, URL- GET , GET ( , HTTP-, ). -, , . , , .

You should use the verb that best describes what you do, you get some information from the server, so use it GET. Use some appropriate security, such as basic HTTPS encryption. If you want these fields not to "clog" the URL, you can send data to the request payload, for example:

GET /listings HTTP/1.1
Content-Type = application/json

{ "zip"     : "IN0N0USZ1PC0D35",
  "invoice" : "54859081145" }
0
source

More articles:


All Articles