0

I was reading this answers, and wondering, why is it so much better to "modify resource" / "execute procedures" using a parameters inside a POST than in a GET for a RESTful API?

The Student
  • 27,520
  • 68
  • 161
  • 264

2 Answers2

2
  1. URL length is limited - browsers usually limit it to 2048 symbols so you can not put too much information in the GET parameters
  2. URL allows only simple key/value pairs as query parameters - you will have to URL-encode JSON values which may quickly reach the URL length limit
  3. GET requests may be cached at various points between the client and the server - so the client can not be certain that the API response is recent or cached (for example, if you try to rename an entity an intermediate proxy may reply with the result of your previous GET for renaming the same entity)
  4. You can not upload a file with GET
IVO GELOV
  • 13,496
  • 1
  • 17
  • 26
  • I was wondering about a simple "resendEmail?productOrderId=x"; in this case, the itens 1, 2 and 4 of the answer don't apply, but the item 3 is a really good reason to use Post. – The Student Feb 01 '20 at 07:48
1

why is it so much better to "modify resource" / "execute procedures" using a parameters inside a POST than in a GET for a RESTful API

Because the semantics of GET are specified to be safe

Request methods are considered "safe" if their defined semantics are essentially read-only; i.e., the client does not request, and does not expect, any state change on the origin server as a result of applying a safe method to a target resource.

This shared contract says that I can produce a GET request targeting any resource in the world and know that my action is harmless (or, more precisely, that if it isn't harmless, it isn't my fault).

That semantic guarantee allows things like crawlers, that are able to navigate the web archiving representations of resources without needing to know anything about any specific resource.

Community
  • 1
  • 1
VoiceOfUnreason
  • 52,766
  • 5
  • 49
  • 91
  • I'm talking about Get with parameters, crawlers don't use parameters... – The Student Jan 31 '20 at 16:00
  • @TomBrito Crawlers will use any URI they find, regardless whether they have parameters or not. Some might even attempt to guess parameters or add one on their own in order to get into the hidden Web and find more stuff to grab. The spec is furthermore very clear that an API implementor can not claim a client guilty of performing something unsafe when a safe operation is used. The client simply acts on the belief that invoking that resource via a GET resource does not modify anything – Roman Vottner Jan 31 '20 at 16:22