27

Is it against best-practices to use a POST request to read data? Are there any exceptions to this? e.g. Authentication requests where you have to POST data to perform a read action.

I have an API call that requires a lot of parameters and it's basically a Read action. I can't use GET request because it may hit the URI limit.

I have heard that it's against REST best-practices to use a POST request to read data and I highly prefer to follow the best-practices as the API is supposed to be publicly accessible to the company's clients.

If I should not do that, how should I design my API to properly address these cases?

Mahdi
  • 2,003

4 Answers

7

One thing we've done where I work is to have a "storage" service API. Basically, you POST a JSON object to the service, and it returns a UUID. You send the UUID as a query parameter on any subsequent API call and it will get the parameters/data from the storage service. It's especially handy if you will be making multiple calls with the same data, as you only have to send it once.

TMN
  • 11,383
3

After reading a couple of similar questions I realised that REST is not actually designed to solve this problem. So I have decided to go for JSON-RPC rather than REST, which offers more flexibility and seems to be the right solution for these sorts of problems.

Mahdi
  • 2,003
2

Yes, you can make it work, at least using WCF. It's a bit different in MVC and Web API, where you add attributes to methods like [GET], [POST], etc.

> I have heard that it's against REST best-practices to use a POST request to read data and I highly prefer to follow the best-practices as the API is supposed to be publicly accessible to the company's clients.

Of course it is bad practice to use POST for getting data, as POST is for creating resources in the system, not getting them.

Best practices for REST

> I have an API call that requires a lot of parameters and it's basically a Read action. I can't use GET request because it may hit the URI limit.

Use an array for sending parameters, or create objects if your parameters are related.

0

To improve on TMN's answer: instead of using a storage service to store UUIDs against request parameters, you can write a stateless API using JSON Web Tokens. This will eliminate the issue of managing storage, and will allow reuse and caching.

The flow will look like this:

  1. Client sends a JSON object with request params as a POST request to your Tokenize API.
  2. API returns a JSON Web Token generated using JSON object provided as payload.
  3. Client issues a GET request to your actual API with that token as a parameter.
  4. Your API (or ideally a middleware) decodes the token to get the request params and processes the request.

This method requires no storage.
Implementation of the actual API does not require any special consideration.
Ensures tokens do not get tampered with on the way.
Since there is no state, there is no need to worry about data corruption. Caching is much easier. Applying it to multiple APIs is trivial and can be done without supervision of any other team member.

Keep in mind that if your payload is too large, the JWT can be large too. Ensure your URL length does not exceed 2000 characters. I tried with a 1.9K JSON and got a 1695 char JWT (which should be more than enough IMO).

Kasahs
  • 109
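
The four-step flow from the answer above, as an added example that is not part of the original post: a hand-built HS256 token using only Python's standard library, showing the signature check, algorithm pinning and URL length budget the middleware needs. `SECRET`, the `q` query parameter and all function names are assumptions made for illustration; a real service would normally use a maintained JWT library.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # assumption: key shared by tokenizer and API
MAX_URL_CHARS = 2000              # URL length budget quoted in the answer

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64url(hmac.new(SECRET, signing_input.encode("ascii"), hashlib.sha256).digest())

def tokenize(params: dict) -> str:
    """Steps 1-2: turn the POSTed JSON parameters into a signed token."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    # sort_keys makes equal parameter sets yield the same token, which keeps GETs cacheable
    payload = b64url(json.dumps(params, separators=(",", ":"), sort_keys=True).encode())
    signing_input = f"{header}.{payload}"
    return f"{signing_input}.{sign(signing_input)}"

def build_url(base: str, token: str) -> str:
    """Step 3: build the GET URL, refusing one that exceeds the length budget."""
    url = f"{base}?q={token}"
    if len(url) > MAX_URL_CHARS:
        raise ValueError(f"URL is {len(url)} chars, over the {MAX_URL_CHARS} budget")
    return url

def decode(token: str) -> dict:
    """Step 4: middleware check; verify the token before trusting any field."""
    try:
        header_b64, payload_b64, sig = token.split(".")
        header = json.loads(unb64url(header_b64))
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm server-side; the token must not choose it (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = sign(f"{header_b64}.{payload_b64}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):  # constant-time
        raise ValueError("bad signature")
    return json.loads(unb64url(payload_b64))
```

The payload here is signed but not encrypted, so the request parameters remain readable to anything that sees the URL, including proxies and access logs.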