why do we use "post" method instead of "get" method in Rest Api

Madhan007
Tera Contributor

Hi all,
We had an Integration Requirement where we pass the 'Name' parameter in the Rest Api message and get the respective 'ID' in return. But for this,  I dont Understand why POST method has been used instead of GET method. Please pour your insights into this.

Thank you!

1 ACCEPTED SOLUTION

Robbie
Kilo Patron
Kilo Patron

Hi @Madhan007,

 

Interesting question. Do you know if there were/are any security concerns with the ID or data being returned? The only justification I've seen previously for using a 'post' method rather than a 'get' method is because the data sent is part of the URL with a 'get'.

Additionally, a 'post' is not cached and parameters are not saved in the browser history.

 

I'd steer you the below for a quick overview of the differences and let you determine what's best, however, generally, your spidey senses are correct. This would normally be a 'get'

 

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.

 

Thanks, Robbie

 

The following table compares the two HTTP methods: GET and POST. (Source: W3C)

  GET POST
BACK button/ReloadHarmlessData will be re-submitted (the browser should alert the user that the data are about to be re-submitted)
BookmarkedCan be bookmarkedCannot be bookmarked
CachedCan be cachedNot cached
Encoding typeapplication/x-www-form-urlencodedapplication/x-www-form-urlencoded or multipart/form-data. Use multipart encoding for binary data
HistoryParameters remain in browser historyParameters are not saved in browser history
Restrictions on data lengthYes, when sending data, the GET method adds the data to the URL; and the length of a URL is limited (maximum URL length is 2048 characters)No restrictions
Restrictions on data typeOnly ASCII characters allowedNo restrictions. Binary data is also allowed
SecurityGET is less secure compared to POST because data sent is part of the URL

Never use GET when sending passwords or other sensitive information!
POST is a little safer than GET because the parameters are not stored in browser history or in web server logs
VisibilityData is visible to everyone in the URLData is not displayed in the URL

View solution in original post

8 REPLIES 8

Robbie
Kilo Patron
Kilo Patron

Hi @Madhan007,

 

Did you see my earlier response?

So my answer is not lost in the thread, I've re-posted it.

Interesting question. Do you know if there were/are any security concerns with the ID or data being returned? The only justification I've seen previously for using a 'post' method rather than a 'get' method is because the data sent is part of the URL with a 'get'.

Additionally, a 'post' is not cached and parameters are not saved in the browser history.

 

I'd steer you the below for a quick overview of the differences and let you determine what's best, however, generally, your spidey senses are correct. This would normally be a 'get'

 

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.

 

Thanks, Robbie

 

The following table compares the two HTTP methods: GET and POST. (Source: W3C)

  GET POST
BACK button/ReloadHarmlessData will be re-submitted (the browser should alert the user that the data are about to be re-submitted)
BookmarkedCan be bookmarkedCannot be bookmarked
CachedCan be cachedNot cached
Encoding typeapplication/x-www-form-urlencodedapplication/x-www-form-urlencoded or multipart/form-data. Use multipart encoding for binary data
HistoryParameters remain in browser historyParameters are not saved in browser history
Restrictions on data lengthYes, when sending data, the GET method adds the data to the URL; and the length of a URL is limited (maximum URL length is 2048 characters)No restrictions
Restrictions on data typeOnly ASCII characters allowedNo restrictions. Binary data is also allowed
SecurityGET is less secure compared to POST because data sent is part of the URL

Never use GET when sending passwords or other sensitive information!
POST is a little safer than GET because the parameters are not stored in browser history or in web server logs
VisibilityData is visible to everyone in the URLData is not displayed in the URL

Madhan007
Tera Contributor

Hi @Robbie, How does "Post" Method can fetch data without creating a Record in the database?

Hi @Madhan007,

 

So I can provide context and perhaps an example, can you advise if the POST is inbound (received into your SN instance) or outbound (sent from SN to another system)

 

To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.

 

Thanks, Robbie

 

Madhan007
Tera Contributor

Hi @Robbie , it is outboud (sent from SN to other)