Http methods and codes

The

HTTP method is used to indicate the operation of the API client that wants to perform a given resource. Each HTTP method corresponds to a specific operation, such as creating, reading, updating or deleting resources, and each request for the REST API must include the HTTP method.

The working principle of the HTTP protocol is that the client sends a request to the server, and the server responds to these requests. We send HTTP requests by using different HTTP methods (sometimes called HTTP verbs) to perform CRUD operations (creation, read, update, delete). Get and POST are the most commonly used HTTP methods, but there are more HTTP methods to learn. This article will introduce different HTTP methods and how to use them when constructing and using Web APIs.

The 9 HTTP methods you should understand

<.> 1. get method

If we want to retrieve data from resources (such as websites, servers, or APIs), we will send them GET requests. For example, if we want a customer list or specific customers, we will send a GET request to the server.

Since the GET method should not change the data on the resource, but only read them (read only), it is considered a security method. In addition, the get method is power.

How to use the GET method to test the API?

When we want to test the API, our most common method is the get method. Therefore, we expect the following situations:

If resources are accessible, the API will return 200 status code to indicate "OK".

In addition to the 200 status code, the server usually returns the response text in XML or JSON format. For example, we expect [/members] endpoint to return a list of members in XML or JSON format.

If the server does not support the endpoint, the server will return 404 status code, indicating "not found."

If we send a request with the wrong grammar, the server will return 400 status code to indicate "wrong request".

<.> 2. POST method

POST method creates new resources at the back end (server). The request text carries the data we want to send to the server. It is neither a security method nor a power. We do not expect the same results for each sending request. For example, the two same post requests will create two new equivalent resources with the same data and different resource IDs.

When sending a post request to the server, we expect the following situations: Ideally, if the POST request creates a new resource at the other end, the response should have the 201 state code, which means "created".

Sometimes the execution of the POST request will not return the resource in a given URL; in this case, this method will return 204 status code to indicate "no content."

How to test the post endpoint

Because the post method creates data, we must change the data carefully; it is strongly recommended to test all the post methods in the API. In addition, make sure to delete the created resources after the test is completed.

The following are some suggestions that we can use to test APIs that use the POST method:

Use the post method to create a resource, it should return the 201 state code.

Execute the GET method to check whether the resource is successfully created. You should get 200 status code and respond to the resource that has been created.

Using incorrect or incorrect data to execute the post method to check whether the operation fails.

<.> 3. Put method

Using the PUT request method, we can update the existing resources by sending the updated data as the content of the request text to the server. The PUT method updates the resources by completely replacing all it. If it is applied to a resource collection, it will replace the entire collection, so please use it carefully. The server will return 200 or 204 status code after successfully updating its existing resources.

How to use the PUT method to test the API?

PUT method is power, etc., it modifies the entire resource, so in order to test the behavior, we ensure the following operations:

Send a PUT request to the server many times, and it should always return the same result.

When the server completes the PUT request and updates the resource, the response should have a 200 or 204 status code.

After the server completes the PUT request, a GET request is issued to check whether the data on the resource has been updated correctly.

If the input is invalid or the format is error, the resources are not allowed.

<.> 4. Patch method

Patch is another unusual HTTP method. Similar to Put, Patch updates resources, but it only updates the data, not all updates. For example, for more accurate reasons, the request [Put] Customers/{Customerid} will completely update the fields in the Customers entity in the resources. However, the Patch method does update the fields provided by the customer entity. Generally, this modification should be standard format, such as JSON or XML. How to test the API with the Patch method?

To test the API by using the PATCH method, please follow the steps discussed in this article to test the API with the PUT and Post method. Consider the following results:

Send a PATCH request to the server; the server will return the 2xx HTTP status code, which means that the request has been successfully received, understood and accepted.

execute GET requests and verify whether the content has been updated correctly.

If the request is incorrect or the format is incorrect, the operation must fail.

<.> 5. DELETE method

As the name suggests, delete the resources. Delete method is power, no matter how many calls are called, it returns the same result.

Most APIs always return the 200 state code. Even if we try to delete the deleted resources, but in some APIs, if the target data no longer exists, the method call will return the 404 status code.

How to test the delete endpoint? When deleting some content on the server, we should be cautious. We are deleting data, which is important. First, make sure that delete data is acceptable, and then perform the following operations:

Call the post method to create new resources. Do not use actual data to test Delete. For example, create a new customer first, and then try to delete the customers you just created.

Send a delete request for specific resources. For example, request [Delete] /Customers /{Customer-Id} Delete customers with designated customer IDs.

Call the GET method for the deleted customers, and it should return 404 because resources no longer exist.

<.> 6. Head method

Head method is similar to the get method. But it does not have any response text, so if it returns the response text wrongly, it must be ignored. For example, [get] /Customers endpoint returns the customer list in its response text. In addition, [Head] /Customers also perform the same operation, but it does not return to the customer list. Before requesting GET endpoints, we can send the Head request to determine the size of the file or data we are downloading. Therefore, the head method is safe and power.

How to test the Head endpoint

One of the advantages of the Head method is that as long as the API supports it, we can test whether the server can be available and accessible, and it is much faster than the GET method because it does not respond to the text. We hope that the status code obtained from the API is 200. Before each other HTTP method, we can use the HEAD method to test the API.

<.> 7. Options method

We use this method to obtain information about possible communication options (allowed HTTP methods) to give in the server, or use the star number to refer to the entire server. This method is safe and power.

Various browsers use the Options method to check whether the CORS (transmitted resource sharing) operation on the target API is limited.

How to test Options endpoint

According to whether the server supports the Options method, we can use the Options method to test the number of fatal faults of the server. Try it, please consider the following points: Send an Options request and check the returned header and status code.

Test the failure of the resource that does not support the Options method.

<.> 8. Trace method

Trace method is used for diagnosis. It uses the same request text that the request textant to the server before the client to create a ring back test, and the successful response code is 200 OK. Trace method is safe and power.

Trace method may be dangerous because it may leak credentials. Hackers can use client attacks, including internal identity verification header.

How to use the Trace method to test the API?

Send a standard HTTP request, such as the GET request of /API /Status

Replace GET to Trace and send it again.

Check the content of the server. If the response has the same information as the original request, the trace function is enabled in the server and the work is normal.

<.> 9. Connect method

Connect method is used to establish end -to -end connections between clients and servers. It builds a two -way connection between them, just like a tunnel. For example, we can use this method to safely transmit large files between clients and servers.

HTTP method compare

Method Summary CRUD accepts the request of the request text power and other security Get obtain a single resource or resource group reading PUT one -time update of the entire resource update is yes Is it possible to create a new resource creation? Part of the renewal resource update of the patch Delete delete resources, is it or not? Options obtains the information about allowable operations, is it read? HEAD acquisition of the endpoint metadata read is it Trace is used to diagnose the purpose of reading Connect establishes a two -way connection between the client and resources -no-

The above is the detailed content of Http methods and codes. For more information, please follow other related articles on the PHP Chinese website!