REST API using POST instead of GET

by

I use POST body for anything non-trivial and line-of-business apps for these reasons:

  1. Security – If we use GET with query strings and https, the query strings can be saved in server logs and forwarded as referral links. Both of these are now visible by server/network admins and the next domain the user went to after leaving your app. So if we send a query containing confidential PII data such as a customer’s name this may not be desired.
  2. URL maximum length – Not a big issue, but some browsers have a limit on the length. So if we have several items in our URL like query, paging, fields to return, etc….
  3. POST is not cached by default. Some say caching is desired; however, how often is that exact same set of search criteria for that exact object for that exact customer going to occur before the cache times out anyway?

BTW, I also put the fields to return in my POST body as I may not wish to expose my field names. Security is like an onion; it has many layers and makes us cry!

More Related Contents:

  1. Logout: GET or POST?
  2. Is sending POST data with a GET request valid?
  3. File uploading using GET Method
  4. What is the difference between POST and PUT in HTTP?
  5. What is the difference between POST and GET? [duplicate]
  6. When should I use GET or POST method? What’s the difference between them?
  7. How do you post to an iframe?
  8. Is either GET or POST more secure than the other?
  9. How are POST and GET variables handled in Python?
  10. How to post JSON to PHP with curl
  11. Curl and PHP – how can I pass a json through curl by PUT,POST,GET
  12. Is it possible to send an array with the Postman Chrome extension?
  13. Are HTTPS headers encrypted?
  14. How do you POST to a page using the PHP header() function?
  15. Error 415 Unsupported Media Type: POST not reaching REST if JSON, but it does if XML
  16. How to send POST and GET request?
  17. How to send file contents as body entity using cURL
  18. Firefox Add-on RESTclient – How to input POST parameters?
  19. Why is the GET method faster than POST in HTTP?
  20. Volley send JSONObject to server with POST method
  21. Python POST binary data
  22. How can I pass parameters from the command line to $_POST in a PHP script?
  23. Uploading a file larger than 2GB using PHP
  24. What REST PUT/POST/DELETE calls should return by a convention?
  25. post and get with same method signature
  26. Different result when using GET/POST in elastic search
  27. Maximum default POST request size of IIS 7 – how to increase 64kB/65kB limit?
  28. How to send an image to an api in dart/flutter?
  29. Avoid duplicate POSTs with REST
  30. GET vs POST in AJAX?

Leave a Comment