
HTTP Methods and HTTP Response Status Codes


In this blog we will discuss the various HTTP methods and HTTP response codes in detail.

HTTP Methods

*Idempotent - sending the identical request multiple times returns the same response every time.


Let me illustrate these requests in detail with a few examples -


1. GET

  • This method is used to retrieve a resource; it could be a single resource or a collection of resources.

  • As it does not change the state of the resource, it is categorized as a safe method.

  • Common Status response codes –

    • 200 (Ok) - if the request is successful.

    • 404 (Not Found) - if the requested resource is not found.

    • 400 (Bad Request) - if the request is invalid.

  • Sample Example -

Request URL
GET /customers/12345
Response Body
{  
"id": "12345",
"name": "Test_Name",  
"email": "test_name@mail.com" 
}

2. POST

  • This method is used to create a new resource or a collection of resources.

  • It usually changes the state of the server, hence it is categorized as an unsafe method.

  • It returns HTTP status code 201 (Created) if the resource is successfully created.

  • Sample Example -

Request URL
POST /customers
Request Body
{  
"name": "Test_Name",  
"email": "test_name@mail.com" 
}
Response Body
{ 
 "id": "12345" 
 }

3. PUT

  • This method is used to update or replace an existing resource.

  • If there is no resource that matches the request, it will create a new resource.

  • If you send the same PUT request multiple times, the result will always be the same.

  • Common Status response codes –

    • 201 (Created) - if the PUT request creates a resource.

    • 200 (Ok) - if the request modifies an existing resource.

  • Sample Example -

Request
PUT /customers/123
Request Body
{
 "name": "new name",
 "email": "test_name@mail.com"
}
Response Body
HTTP/1.1 200 OK 
Content-Type: application/json
{
 "success":"true"
}

4. PATCH

  • The HTTP PATCH request is used to make partial updates to a resource.

  • Unlike PUT, which requires a full user entity, with PATCH requests you may send only the updated entity.

  • Common Status response codes –

    • 200 (Ok) - if the PATCH request is successful.

    • 304 (Not Modified) or 400 (Bad Request) - if invalid data is supplied in the request.

  • Sample Example -

Request
PATCH /customers/123
Request Body
{
  "email": "test_name@mail.com"
}
Response Body
HTTP/1.1 200 OK 
Content-Type: application/json
{
 "success":"true"
}

5. DELETE

  • This method is used to delete an existing resource.

  • If a new resource is created with a POST request, it can be retrieved with a GET request; after a DELETE request is made, the resource is completely removed.

  • Common Status response codes –

    • 200 (Ok) - the action completed successfully.

    • 202 (Accepted) - if the action has been queued.

Request
DELETE /customers/123
Response Body
HTTP/1.1 200 OK 
Content-Type: application/json
{
 "success":"true"
}

6. HEAD

  • HEAD is identical to a GET request; the only difference is that the response does not have a message body.

  • It is used to get the metadata that is written into the response headers.


7. OPTIONS

  • This request is used to get data describing which other methods and operations the server supports (viz. GET, POST, PUT, DELETE etc.).

  • If an API isn't expecting an OPTIONS request, it's good to put a test case in place that verifies the failing behavior.

  • Sample Example -

Request
OPTIONS /customers
Response Body 
HTTP/1.1 200 OK
access-control-allow-methods: GET,POST,PATCH,PUT,DELETE

8. TRACE

  • This method is used for diagnostic purposes.

  • TRACE lets the client see what is being received at the provider's end.

  • It should be disabled on production systems. If enabled, the TRACE method has security implications such as –

    • It could reveal sensitive data through headers.

    • The TRACE method can also be used to cause cross-site scripting. Cross-site scripting caused by the TRACE method is most commonly referred to as Cross Site Tracing.
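
The OPTIONS test-case advice and the TRACE warning above can be turned into one automated check. The following is an added example, not code from the original post: it runs against a constructed local stand-in for the /customers API with TRACE left enabled, and the handler, `audit_methods`, `ALLOWED` and the `X-Audit-Probe` header are hypothetical names chosen for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED = {"GET", "POST", "PUT", "PATCH", "DELETE"}  # methods the API means to serve
PROBE = "constructed-marker"  # harmless value used to spot header reflection

class CustomersHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the /customers API, with TRACE left enabled."""

    def _reply(self, body, content_type):
        self.send_response(200)
        self.send_header("Content-Type", content_type)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        self._reply(b'{"id": "12345"}', "application/json")
    do_POST = do_PUT = do_PATCH = do_DELETE = do_GET

    def do_TRACE(self):  # echoes the request headers back to the caller
        self._reply(str(self.headers).encode(), "message/http")

    def log_message(self, *args):  # silence per-request logging
        pass

def audit_methods(host, port, path, allowed):
    """Return {method: (status, headers_echoed)} for served methods outside `allowed`."""
    findings = {}
    for method in ("GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS", "TRACE"):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request(method, path, headers={"X-Audit-Probe": PROBE})
        resp = conn.getresponse()
        body = resp.read()
        conn.close()
        if method not in allowed and resp.status < 400:
            findings[method] = (resp.status, PROBE.encode() in body)
    return findings

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), CustomersHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return audit_methods("127.0.0.1", server.server_port, "/customers/12345", ALLOWED)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

An empty result means every method outside the intended set was rejected; here the stand-in answers TRACE and reflects the probe header, so the check fails until TRACE is removed.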

HTTP Response Status Codes

HTTP defines standard status codes that can be used to convey the results of a request. The status codes are divided into the four categories as shown below.




In the next blog we will talk about API Authentication. But before that, I would like to request your feedback, which will help me improve, so please share your thoughts.








