HTTP’s uniform interface consists of the GET, POST, HEAD, OPTIONS, HEAD, PUT, DELETE, and TRACE methods. This article provides a short primer on using these HTTP methods, listed in the order used by RFC 2616.
1. OPTIONS Method
Use this method to find the list of HTTP methods supported by any resource or to ping the server.
- Request: Headers but no body.
- Response: Headers but no body by default. The server may provide a description of the resource in the body.
Examples:
1. Request to find methods supported by a resource
OPTIONS /movie/gone_with_the_wind HTTP/1.1
Host: www.example.org
Response with the methods supported by the resource
HTTP/1.1
204 No Content
Allow: HEAD, GET, OPTIONS, PUT, DELETE
2. Request to ping the server or find the version of HTTP supported
OPTIONS * HTTP/1.1
Host: www.example.org
Response
HTTP/1.1 204 No Content
2. GET Method
Use this method to retrieve a representation of a resource.
- Request: Headers but nobody specified by HTTP 1.1.
- Response: A representation of the resource at the request URI usually with a body. Response headers such as Content-Type, Content-Length, Content-Language, Last-Modified, and ETag correspond to the representation in the response.
Also Read: Useful Linux Networking Commands You Need To Know
Examples:
A request to get a representation of a resource
GET /tx/1234 HTTP/1.1
Host: www.example.org
Response
HTTP/1.1 200 OK
Content-Type: application/xml; charset=UTF-8
Content-Length: xxx
<Status>
…..
</status>
3. HEAD Method
Use this method to retrieve the same headers as that of a GET response but without anybody in the response. In other words, this method returns the same response as GET except that the server returns an empty body. Clients can use this method to check whether a resource exists or to learn its metadata.
- Request: Headers, with no body specified by HTTP 1.1.
- Response: Headers but no body. Servers must not include a body.
Examples:
Request to get a representation of a resource
HEAD /movie/gone_with_the_wind HTTP/1.1
Host: www.example.org
Response
HTTP/1.1
200 OK
Content-Type: application/xml; charset=UTF-8
Content-Length: xxx
4. POST Method
Use this method to let the resource perform a variety of actions on the server side such as creating new resources, updating existing resources, or making a mixture of changes to one or more resources.
- Request: A representation of a resource.
- Response: A representation of the resource or instructions for a redirect. If there is a representation in the body that corresponds to a URI of a resource other than the request URI, include a Content-Location header with the URI of that resource.
Examples:
1. Perform some resource specific action
POST /admin/purge HTTP/1.1
Host: www.example.org
Response
HTTP/1.1 204 No Content
2. Request to create a resource
POST /user/smith HTTP/1.1
Host: www.example.org
Content-Type: application/xml; charset=UTF-8
<address>
<Street>1, Main Street</street>
<city>Some City</city>
</address>
Response
HTTP/1.1 201 Created
Location: http://www.example.org/user/smith/address/1
Content-Location: http://www.example.org/user/smith/address/1
Content-Type: application/xml; charset=UTF-8
<address>
<id>urn: example: user: smith: address:1</id>
<atom: link rel=”self” href=”http://www.example.org/user/smith/address/1″/>
<street>1, Main Street</street>
<city>Some City</city>
</address>
3. Request to modify a resource
POST /user/smith/address_merge HTTP/1.1
Host: www.example.org
Content-Type: text/csv; charset=UTF-8
John Doe, 1 Main Street, Seattle, WA
Jane Doe, 100 North Street, Los Angeles, CA
Response
HTTP/1.1 303 See Other
Location: http://www.example.org/user/smith/address_book
Content-Type: text/html; charset=UTF-8
<html>
<head> … </head>
<body>
<p>See <a href=”http://www.example.org/user/smith/address_bookm>address book</a> for the merged address book. </p> </body>
</html>
5. PUT Method
Use this method to completely update or replace an existing resource or to create a new resource with a URI specified by the client.
- Request: A representation of a resource. The body of the request may or may not be same as a client would receive for a subsequent GET request. In some cases, the server may require clients to include only the mutable portions of the resource.
- Response: The response can be a status of the update. You can include a complete representation of the updated resource in the response, but clients cannot assume that the response contains a complete representation unless the response includes a Content- Location header. If the server does not include this header, clients must submit an unconditional GET request to get the updated representation along with Last-Modified and/or ETag headers.
Examples:
1. Request to update a resource
PUT /movie/gone_with_the_wind HTTP/1.1
Host: www.example.org
Response
HTTP/1.1 204 No Content
2. Request to create a new resource
PUT /movie/gone_with_the_wind HTTP/1.1
Host: www.example.org
Response
HTTP/1.1 201 Created
Location: http://www.example.org/movie/gone_with_the_wind
Content-Length: 0
Suggested Read:
6. DELETE Method
Use this method to let a client delete a resource.
- Request: Headers but no body. If you must submit data to delete a resource, use POST with a controller resource.
- Response: Success or failure. The body may include the status of the operation
Examples:
Request to delete a resource
DELETE /movie/gone_with_the_wind HTTP/1.1
Host: www.example.org
Response
HTTP/1.1 204 No Content
As far as the client is concerned; the resource is gone after a successful response.
7. TRACE Method
Use this method to let the server echo back the headers that it received. Servers supporting this method may be prone to the cross-site tracing (XST) security vulnerability.
- Request: Headers and body.
- Response: The body contains the entire request message.
Example:
Request
TRACE /movie/gone_with_the_wind HTTP/1.1
Host: www.example.org
Accept: text/html
Response
HTTP/1.1 200 OK
Content-Type: message/http
TRACE /movie/gone_with_the_wind HTTP/1.1
Host: www.example.org
Accept: text/html
You may also like:
- Top 20 Active Directory (AD) Attack Methods
- The Top 10 Free VPNs Which Are Safe and Allow You to Access Blocked Content
- Seattle Airport Hit by Possible Cyberattack, Websites & Phone Systems Were Impacted
- How to Choose the Best E-Commerce Web Hosting for Maximum Uptime
- Choosing the Right Website Hosting – A Comprehensive Guide
- Top 20 Cybersecurity Training Platforms
- Essential Tips for Choosing the Perfect Web Hosting Plan
- 40 Commonly Targeted Ports by Hackers
- Top 8 Best Ethical Hacking Tools
- Host-Based Intrusion Prevention Systems (HIPS) – Features, Mechanisms, and Limitations