The HTTP protocol allows the use of different types or methods of requests, which refer to different tasks that the client (browser) wants the website to perform. For example, if a user saves data on a website, such as user information, it is expected that the browser does this using the POST, PUT, or PATCH method. However, since the operation of the website is completely in the hands of the website developer, the browser can make this storage request using almost any type of request, but this is against best practices.
HTTP methods can be thought of as operations that either change or read the state of a website.
It is important to understand that the use of these different methods also affects the format that the HTTP message must be in.
GET method
The GET method is definitely the most commonly used HTTP request type, as well as the default request type that a browser sends unless otherwise instructed. So the browser uses the GET request type by default, for example, when you navigate by clicking in the browser.
With a GET request, the browser typically asks the webpage to return the requested resource.
Below is an example of what a GET request might look like. This particular GET request was sent when the browser navigated directly to https://www.hakatemia.fi/.
GET / HTTP/2
Host: www.hakatemia.fi
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.72 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: close
POST method
Unlike the GET method, which is meant to retrieve information or a resource, the POST method is designed for sending data from a browser to a website. The POST request can contain an HTTP body where the data is located.
The following is an example of what a POST request may look like, for instance when logging into a website.
POST /login HTTP/1.1
Host: www.hakatemia.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Content-Length: 60

kayttajatunnus=teppo.tavis@hakatemia.fi&salasana=salasana123
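As an added example, not part of the original page: a small parser for raw HTTP/1.1 requests such as the login request above. It checks the two framing rules a body-carrying method depends on: a blank line ends the header section, and Content-Length equals the body's size in bytes. The function names are illustrative, and chunked transfer encoding is not handled.

```python
from urllib.parse import parse_qs

# Constructed sample: the login request from this page with explicit CRLFs.
BODY = "kayttajatunnus=teppo.tavis@hakatemia.fi&salasana=salasana123"
RAW = (
    "POST /login HTTP/1.1\r\n"
    "Host: www.hakatemia.fi\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    f"Content-Length: {len(BODY)}\r\n"
    "\r\n" + BODY
).encode("ascii")


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into method, target, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the header section")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    # Without Content-Length a request is treated as having no body.
    declared = int(headers.get("content-length", "0"))
    if declared != len(body):
        raise ValueError(f"Content-Length {declared} but body is {len(body)} bytes")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def form_fields(request: dict) -> dict:
    """Decode an application/x-www-form-urlencoded body into a dict."""
    if request["headers"].get("content-type") != "application/x-www-form-urlencoded":
        raise ValueError("body is not form-encoded")
    return {k: v[0] for k, v in parse_qs(request["body"].decode("ascii")).items()}
```

A server that trusts a declared length that does not match the bytes actually sent will either wait for data that never arrives or treat leftover bytes as the start of the next request, so the parser rejects the mismatch instead of guessing.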
PUT method
The PUT request type can be used for the same purpose as POST, but its original idea was to be a request type that replaces a desired resource with another, unlike POST, whose purpose was to save individual information, for example about a user. The idea behind the PUT request type was to replace an entire entity or resource with another. But as already mentioned, the use of HTTP methods and the behavior of a website with respect to these different request types is completely up to the website developer.
In the following PUT request, the user subscribes to Hakatemia's email list.
PUT /api/email-signup HTTP/2
Host: www.hakatemia.fi
Content-Length: 36
Accept: application/json, text/plain, */*
Content-Type: application/json
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.72 Safari/537.36
Origin: https://www.hakatemia.fi
Referer: https://www.hakatemia.fi/
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8

{"email":"teppo.tavis@hakatemia.fi"}
DELETE method
The purpose of the DELETE request type is simply to delete a resource or entity. This may be used, for example, in various APIs.
The following DELETE request could, for example, remove the user's profile picture.
DELETE /kayttaja/kuvat/profiilikuva HTTP/1.1
Host: www.hakatemia.fi
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.72 Safari/537.36
Origin: https://www.hakatemia.fi
Referer: https://www.hakatemia.fi/
Connection: close
PATCH method
The basic idea of the PATCH method is to make partial changes to the desired resource. Unlike in the case of the PUT method, the purpose of PATCH is to modify the resource only partially.
The PATCH request below could, for example, change the user's name.
PATCH /kayttajat HTTP/1.1
Host: www.hakatemia.fi
Accept: application/json
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.72 Safari/537.36
Content-Type: application/json
Content-Length: 66

{
  "kayttaja": {
    "id": 12345,
    "Name": "Teppo Tavis"
  }
}
OPTIONS method
The purpose of the OPTIONS method is to ask the website which communication methods are allowed for a specific resource. The website's response typically contains a list of allowed HTTP methods. The OPTIONS method is also used in the CORS (Cross-Origin Resource Sharing) mechanism, which enables websites to share information across origins through the browser.
OPTIONS /kayttajat HTTP/1.1
Host: www.hakatemia.fi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.72 Safari/537.36
Connection: keep-alive
Origin: https://www.hakatemia.fi
HEAD method
The HEAD method asks the website to return exactly the same response as it would for a GET request, but without the requested resource. In other words, the website is asked to return only the response status code and headers.
HEAD / HTTP/2
Host: www.hakatemia.fi
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.72 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: close
There are several types of HTTP request methods, and as mentioned above, some of these methods serve very similar purposes; there is no risk if a developer decides to use, for example, the PUT method instead of the POST method for data storage. However, these are only requests that the browser sends to the website, expecting a certain response. In theory, it is entirely possible to build a website that behaves in the opposite way to how the HTTP protocol is intended to be used. This is entirely up to the developer.
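Because the server alone decides what each method does, a server should state that decision explicitly per resource. The following added example (not from the original page) shows a method allow-list that answers OPTIONS with an Allow header, serves HEAD as GET without the body, and refuses everything else with 405 before any handler runs. The handlers and the in-memory STATE are hypothetical; the paths are the ones used in this page's sample requests.

```python
# Hypothetical in-memory state standing in for a database (constructed data).
STATE = {"profile_picture": b"constructed-image-bytes"}


def show_home() -> bytes:
    return b"<h1>Hakatemia</h1>"


def delete_picture() -> bytes:
    STATE["profile_picture"] = None  # state change: reachable via DELETE only
    return b'{"deleted":true}'


# Each resource lists the only methods it accepts.
ROUTES = {
    "/": {"GET": show_home},
    "/kayttaja/kuvat/profiilikuva": {"DELETE": delete_picture},
}


def allowed_methods(path: str) -> str:
    """Build the Allow header value for a known path."""
    methods = set(ROUTES[path]) | {"OPTIONS"}
    if "GET" in methods:
        methods.add("HEAD")  # HEAD is answerable wherever GET is
    return ", ".join(sorted(methods))


def handle(method: str, path: str):
    """Return (status, headers, body) for a request's method and path."""
    if path not in ROUTES:
        return 404, {}, b""
    allow = {"Allow": allowed_methods(path)}
    if method == "OPTIONS":
        return 204, allow, b""
    handler = ROUTES[path].get("GET" if method == "HEAD" else method)
    if handler is None:
        return 405, allow, b""  # refused: no handler is ever called
    body = handler()
    headers = {"Content-Length": str(len(body))}
    return 200, headers, b"" if method == "HEAD" else body
```

With this table, a GET to the profile-picture path returns 405 and leaves STATE untouched, so following a link or prefetching a URL cannot trigger the deletion.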