I am creating an API and want Ajax to be able to interact with it. The API should allow you to insert, update, and delete data. Is it a good idea to allow any of these operations via GET?
For example: http://api.domain.com/insert_person/?name=joe
My initial plan was to use GET for my "get" methods (basically a simple DB request) and POST for adding, editing, and deleting. The problem is the JS same-origin policy, which makes it difficult for Ajax to interact with my API. There is a jQuery workaround for GET (via JSONP).
Suggestions?
In a word: NO
GET .
- , , , .
, GET JSONP - . , -, , , API.
JSONP GET, , XSS CSRF.
( ).
POST, db , , , , php curl. ( )
If you allow interacting with your DB using GET, then anyone can just type the URL using the commands they want, so yes, avoid this.
As others have pointed out, GET should not be used to deal with side effects such as insert, update, and delete.
To allow cross-origin use of your API, check out "Cross-Origin Resource Sharing", although it is currently only partially supported by browsers.
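An added example, not part of any answer above: a request-policy function that keeps GET read-only, answers CORS preflight for an allowlisted origin, and refuses writes carrying an unknown Origin header. The route names, the `decide` helper and the origin `https://app.example.com` are assumptions made for illustration.

```javascript
// Method and CORS policy for a small JSON API, decided before any DB work.
// Route names and origins are constructed for this example.
const ROUTES = {
  "/persons": ["GET", "POST"],               // list / insert
  "/persons/:id": ["GET", "PUT", "DELETE"],  // read / update / delete
};
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

function matchRoute(path) {
  if (path === "/persons") return "/persons";
  if (/^\/persons\/\d+$/.test(path)) return "/persons/:id";
  return null;
}

function corsHeaders(origin) {
  // Echo the origin only when allowlisted; never "*" for a write API.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  return { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
}

// headers: lower-cased request header names, as Node's http module provides.
function decide(method, path, headers = {}) {
  const route = matchRoute(path.split("?")[0]);
  if (!route) return { status: 404, headers: {} };
  const allowed = ROUTES[route];
  const cors = corsHeaders(headers.origin);

  if (method === "OPTIONS") {
    // Preflight: sent by the browser before a cross-origin PUT/DELETE/JSON POST.
    const wanted = headers["access-control-request-method"];
    if (!cors["Access-Control-Allow-Origin"] || !allowed.includes(wanted))
      return { status: 403, headers: {} };
    return { status: 204, headers: { ...cors,
      "Access-Control-Allow-Methods": allowed.join(", "),
      "Access-Control-Allow-Headers": "Content-Type" } };
  }
  if (!allowed.includes(method))
    return { status: 405, headers: { ...cors, Allow: allowed.join(", ") } };
  const writes = method !== "GET"; // query parameters on GET never mutate data
  // Browsers attach Origin to cross-origin writes; refuse unknown ones.
  if (writes && headers.origin && !ALLOWED_ORIGINS.has(headers.origin))
    return { status: 403, headers: {} };
  return { status: 200, headers: cors, writes };
}
```

The CORS response headers only control which pages may read the response; the Origin check on writes is what stops a foreign page from triggering an insert or delete in the first place.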