HTTP

Methods (verbs), headers and body

What is HTTP

A request

A typical HTTP request consists of the following components:

1. HTTP Method (Verb)

  • The action to be performed on the resource. Common methods include:
    • GET: Requests data from a server.
    • POST: Sends data to the server (often to create or update resources).
    • PUT: Updates an existing resource.
    • DELETE: Deletes a resource.
    • HEAD: Retrieves metadata (headers only) without the body.
    • OPTIONS: Describes communication options for the target resource.

2. URL/Request URI

  • The path to the resource being requested. Example: /products/123.

3. HTTP Version

  • Indicates the HTTP protocol version being used (e.g., HTTP/1.1 or HTTP/2).

4. Headers

  • Key-value pairs that provide additional information about the request. Common headers include:
    • Host: Specifies the domain (e.g., example.com).
    • User-Agent: Identifies the client making the request (browser, app, etc.).
    • Accept: Specifies the types of content the client can handle (e.g., application/json).
    • Authorization: Carries credentials (e.g., tokens for authentication).
    • Content-Type: Specifies the type of data in the body (e.g., application/json for JSON payloads).
    • Content-Length: Size of the request body in bytes.

5. Body (Optional)

  • Contains the data sent to the server. Used with methods like POST and PUT.
  • Example: JSON payload for creating a resource, file uploads, form data.

6. Query Parameters (Optional)

  • Attached to the URL, providing additional filtering or data (e.g., /search?q=nodejs&page=2).

An HTTP response consists of the following key components:

1. Status Line

  • Contains the HTTP version, status code, and a reason phrase that briefly describes the status code.
    • Status Code: Indicates the result of the request. Common codes include:
      • 200 OK: The request was successful.
      • 201 Created: A new resource was successfully created.
      • 400 Bad Request: There was a client-side error.
      • 401 Unauthorized: Authentication is required or failed.
      • 404 Not Found: The requested resource could not be found.
      • 500 Internal Server Error: A server-side error occurred.
    • Reason Phrase: A textual description of the status code (optional and can vary).

    Example: “HTTP/1.1 200 OK”

2. Headers

  • Key-value pairs that provide metadata about the response, similar to request headers. Common headers include:
    • Content-Type: Indicates the type of data in the response body (e.g., application/json, text/html).
    • Content-Length: Specifies the size of the response body in bytes.
    • Date: The date and time when the response was sent.
    • Server: Information about the server that processed the request.
    • Cache-Control: Directives for caching mechanisms.
    • Set-Cookie: Sends cookies from the server to the client.

    Example: “Content-Type: application/json” and “Content-Length: 123”

3. Body (Optional)

  • Contains the actual data being sent back to the client. The body is optional and depends on the status code and request. For example:
    • A 200 OK response might include HTML, JSON, XML, or other content.
    • A 204 No Content response does not send a body.
    • A 404 Not Found response could include an error page or message.

    Example: A JSON body containing product details such as “id”, “name”, “price”, and “stock”.

4. HTTP Version

  • Indicates the version of the HTTP protocol being used in the response, such as HTTP/1.1 or HTTP/2.

Example of an Entire HTTP Response

A successful HTTP response might contain the status “HTTP/1.1 200 OK”, with headers like “Content-Type: application/json” and “Content-Length: 85”, followed by a body containing product data in JSON format.

Example of a 404 Response

An HTTP 404 response might have the status “HTTP/1.1 404 Not Found”, with headers like “Content-Type: text/html” and “Content-Length: 49”, followed by an HTML error message such as “404 Not Found”.

Each part of the response serves to communicate the outcome of the request, metadata about the response, and any content or data that the server is returning.
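The request and response anatomy described above, as an added example (not code from the original page): a small parser that splits a raw HTTP/1.1 message into its start line, header fields and Content-Length-bounded body. The two sample messages are constructed here and mirror the /search and JSON-product examples above.

```python
"""Parse raw HTTP/1.1 messages into the components described above.

Added example, not from the original page: it splits the start line, the
header fields (name: value, names case-insensitive) and a body bounded by
Content-Length. The two sample messages are constructed here.
"""
from urllib.parse import parse_qs, urlsplit


def parse_message(raw: bytes) -> tuple:
    """Return (start_line, headers, body) for a raw request or response."""
    head, _, rest = raw.partition(b"\r\n\r\n")   # blank line ends the headers
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Read exactly Content-Length bytes and ignore anything after them; a
    # parser that disagrees with the peer about where the body ends is a
    # classic source of bugs, so fail loudly when the body is short.
    length = int(headers.get("content-length", "0"))
    if len(rest) < length:
        raise ValueError("body shorter than Content-Length")
    return lines[0], headers, rest[:length]


def parse_request(raw: bytes) -> dict:
    """Request-line = method SP request-target SP HTTP-version."""
    start, headers, body = parse_message(raw)
    method, target, version = start.split(" ")
    url = urlsplit(target)
    return {"method": method, "path": url.path, "query": parse_qs(url.query),
            "version": version, "headers": headers, "body": body}


def parse_response(raw: bytes) -> dict:
    """Status-line = HTTP-version SP status-code SP reason-phrase (optional)."""
    start, headers, body = parse_message(raw)
    parts = start.split(" ", 2)                  # reason phrase may contain spaces
    return {"version": parts[0], "status": int(parts[1]),
            "reason": parts[2] if len(parts) > 2 else "",
            "headers": headers, "body": body}


# Constructed samples mirroring the request and response walked through above.
REQUEST = (b"GET /search?q=nodejs&page=2 HTTP/1.1\r\n"
           b"Host: example.com\r\n"
           b"Accept: application/json\r\n\r\n")
RESPONSE = (b"HTTP/1.1 200 OK\r\n"
            b"Content-Type: application/json\r\n"
            b"Content-Length: 16\r\n\r\n"
            b'{"id":123,"a":1}')

if __name__ == "__main__":
    print(parse_request(REQUEST)["query"], parse_response(RESPONSE)["status"])
```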

Header

The main purpose of the headers is to exchange metadata. They carry data in the form of key/value pairs. Some headers are sent automatically and some need to be set manually.

Request

Mandatory

  • Host
    • Required in every HTTP/1.1 request

Commonly used

  • User-Agent
    • Identifies the client software (e.g., browser)
  • Cache-Control
    • Controls caching behavior
      • no-cache – Forces revalidation with the server before using a cached copy.
      • no-store – Instructs caches not to store any part of the request or response.
      • max-age=3600 – Specifies that the client will accept a cached response that is up to 3600 seconds old.
  • Accept
    • Indicates the media types that are acceptable in the response
      • application/json – The client prefers a JSON response.
      • text/html – The client prefers an HTML response.
      • image/png – The client prefers a PNG image.
      • application/json, text/html – The client can accept either JSON or HTML responses.
      • application/xml, application/json – The client can accept either XML or JSON.
      • */* – The client can accept any media type.
      • text/* – The client can accept any text-based media type (e.g., text/plain, text/html).
  • Connection
    • Controls whether the connection stays open.
      • keep-alive – Requests that the server keep the connection open for further requests.
      • close – Requests that the server close the connection after the response.
  • Accept-Language
    • Specifies the preferred languages for the response
      • en-US – Prefers American English.
      • fr – Prefers French.
  • Accept-Encoding
    • Lists content encodings the client supports (e.g., gzip).
      • gzip – The client supports gzip compression.
      • deflate – The client supports the deflate compression method.
  • Authorization
    • Contains credentials for authentication.
      • Basic <base64_encoded_credentials> – For Basic Authentication, where <base64_encoded_credentials> is the Base64 encoding of username:password.
      • Bearer <token> – For Bearer Token Authentication, where <token> is a security token that grants access to resources (commonly used with OAuth 2.0).
      • Digest <credentials> – For Digest Authentication, which includes more complex authentication information.
  • Content-Type
    • Indicates the media type of the request body (used with POST/PUT)
      • application/json – The request body contains JSON data.
      • application/x-www-form-urlencoded – The request body contains URL-encoded form data (commonly used in HTML forms).
      • multipart/form-data – The request body contains multipart data, often used for file uploads.

Custom headers – Traditionally they were given an X- prefix, but this practice is no longer common.

  • X-My-Header

Response

Commonly used

  • Status-Line
    • Contains the HTTP version, status code, and reason phrase.
  • Content-Type
    • Indicates the media type of the response body.
      • text/html – The response body contains HTML content.
      • application/json – The response body contains JSON data.
      • image/png – The response body contains a PNG image.
  • Content-Length
    • Specifies the size of the response body in bytes.
  • Cache-Control
    • Directs caching mechanisms on how to handle the response.
      • public – The response may be cached by any cache.
      • private – The response is intended for a single user and should not be stored by shared caches.
      • max-age=86400 – The response can be cached for a maximum of 86400 seconds (1 day).
  • Expires
    • Provides a date/time after which the response is considered stale.
  • Set-Cookie
    • Sends cookies from the server to the client.
      • sessionId=abc123; Path=/; HttpOnly – Sets a cookie named sessionId with the value abc123, available to all paths under the root and not accessible via JavaScript (due to the HttpOnly attribute).
      • theme=dark; Expires=Wed, 21 Oct 2024 07:28:00 GMT; Secure – Sets a cookie named theme with the value dark, which expires at the specified date and is only sent over HTTPS connections.
      • user=JohnDoe; Max-Age=3600; SameSite=Lax – Sets a cookie named user with the value JohnDoe, which lasts for 3600 seconds and has a SameSite policy of Lax to mitigate CSRF attacks.
  • Access-Control-Allow-Origin
    • Indicates whether the response can be shared with requesting code from the given origin.
      • * – Allows any origin to access the resource (not recommended for sensitive data).
      • https://example.com – Permits only requests from https://example.com to access the resource.
      • http://sub.example.com – Allows requests from a specific subdomain.
  • Connection
    • Indicates whether the connection will be kept open or closed after the response.
      • keep-alive
      • close

Custom headers – Traditionally they were given an X- prefix, but this practice is no longer common.

  • X-My-Header
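The Set-Cookie attributes listed above (HttpOnly, Secure, SameSite) are easy to forget one at a time, so here is an added example (not code from the original page) that parses a Set-Cookie value into its cookie pair and attributes and reports which of those protections each of the three sample cookies above is missing.

```python
"""Audit Set-Cookie headers for the attributes discussed above.

Added example, not from the original page: parses a Set-Cookie value into
the cookie pair and its attributes and reports which protections are
missing. The three sample headers are the ones listed above.
"""

# Attributes a session cookie should normally carry, and what each buys.
EXPECTED = {
    "secure": "only sent over HTTPS",
    "httponly": "not readable by JavaScript",
    "samesite": "limits cross-site sending (CSRF mitigation)",
}


def parse_set_cookie(value: str) -> dict:
    """Split 'name=value; Attr; Attr=val' into its parts.

    Attribute names are case-insensitive, so they are lower-cased; flag
    attributes such as Secure get the value True. A leading 'Set-Cookie:'
    header name, if present, is tolerated.
    """
    if value.lower().startswith("set-cookie:"):
        value = value.split(":", 1)[1]
    pair, *attrs = [p.strip() for p in value.split(";")]
    name, _, cookie_value = pair.partition("=")
    attributes = {}
    for attr in attrs:
        if not attr:                      # tolerate a trailing ';'
            continue
        key, has_value, val = attr.partition("=")
        attributes[key.strip().lower()] = val.strip() if has_value else True
    return {"name": name.strip(), "value": cookie_value.strip(),
            "attributes": attributes}


def missing_protections(value: str) -> list:
    """Return the EXPECTED attribute names absent from a Set-Cookie value."""
    attrs = parse_set_cookie(value)["attributes"]
    return [attr for attr in EXPECTED if attr not in attrs]


# The three Set-Cookie values from the list above.
SAMPLES = [
    "sessionId=abc123; Path=/; HttpOnly",
    "theme=dark; Expires=Wed, 21 Oct 2024 07:28:00 GMT; Secure",
    "user=JohnDoe; Max-Age=3600; SameSite=Lax",
]

if __name__ == "__main__":
    for header in SAMPLES:
        cookie = parse_set_cookie(header)
        for attr in missing_protections(header):
            print(f"{cookie['name']}: missing {attr} ({EXPECTED[attr]})")
```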

Body

Request

The request body carries data sent from the client to the server. This is common with methods like POST, PUT, and PATCH.

Common Formats

JSON:
{
  "name": "John Doe",
  "email": "john@example.com"
}

URL-encoded Form Data:
name=John+Doe&email=john%40example.com

Multipart Form Data (for file uploads):
--boundary
Content-Disposition: form-data; name="file"; filename="example.txt"
Content-Type: text/plain

(contents of the file)
--boundary--
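The multipart layout above is simple to read but fiddly to split correctly (the CRLF before each delimiter belongs to the framing, not the data), so here is an added example (not code from the original page) that parses such a body given the boundary from the Content-Type header. The two-part sample body is constructed.

```python
"""Parse a multipart/form-data body of the shape shown above.

Added example, not from the original page. The boundary is taken from the
request's Content-Type header (multipart/form-data; boundary=...); each part
starts with a '--boundary' line and the body ends with '--boundary--'.
The sample body below is constructed.
"""


def parse_multipart(body: bytes, boundary: str) -> list:
    """Return one dict per part: name, filename, content_type and raw data."""
    delimiter = b"--" + boundary.encode()
    parts = []
    # Everything before the first delimiter is preamble and is ignored.
    for chunk in body.split(delimiter)[1:]:
        if chunk.startswith(b"--"):          # closing delimiter: --boundary--
            break
        if chunk.startswith(b"\r\n"):        # CRLF that follows the delimiter
            chunk = chunk[2:]
        head, _, data = chunk.partition(b"\r\n\r\n")
        if data.endswith(b"\r\n"):           # CRLF that precedes the next delimiter
            data = data[:-2]
        part = {"name": None, "filename": None, "content_type": None, "data": data}
        for line in head.decode("iso-8859-1").split("\r\n"):
            hname, _, hvalue = line.partition(":")
            hname = hname.strip().lower()
            if hname == "content-type":
                part["content_type"] = hvalue.strip()
            elif hname == "content-disposition":
                # form-data; name="file"; filename="example.txt"
                for param in hvalue.split(";")[1:]:
                    key, _, val = param.strip().partition("=")
                    if key.lower() in ("name", "filename"):
                        # filename is client-controlled: never use it as-is as a path on disk.
                        part[key.lower()] = val.strip('"')
        parts.append(part)
    return parts


# Constructed two-part body: the file upload shown above plus a text field.
BOUNDARY = "boundary"
BODY = (
    b"--boundary\r\n"
    b'Content-Disposition: form-data; name="file"; filename="example.txt"\r\n'
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"(contents of the file)\r\n"
    b"--boundary\r\n"
    b'Content-Disposition: form-data; name="description"\r\n'
    b"\r\n"
    b"Plain text field\r\n"
    b"--boundary--\r\n"
)
```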

Response

Purpose: The response body carries the data sent from the server back to the client.

Common Formats

JSON:
{
  "status": "success",
  "data": {
    "id": 1,
    "message": "Data retrieved successfully."
  }
}

Plain Text:
Hello, this is a plain text response.

HTML

Terminology and Concepts

When working with HTTP headers, there are several key terms and concepts to be familiar with:

1. Header Field

  • Definition: A key-value pair sent in the HTTP request or response.
  • Example: Content-Type: application/json
  • Terminology: The “header field” refers to the entire line (Content-Type: application/json), with the “key” being Content-Type and the “value” being application/json.

2. Header Name

  • Definition: The “key” part of a header field.
  • Example: Content-Type
  • Terminology: Also referred to as the header field name or simply “header.”

3. Header Value

  • Definition: The “value” part of a header field.
  • Example: application/json (for Content-Type).
  • Terminology: Referred to as the header field value.

4. Request Headers

  • Definition: Headers sent by the client (like a web browser or curl) to the server as part of an HTTP request.
  • Example: User-Agent, Accept, Authorization

5. Response Headers

  • Definition: Headers sent by the server back to the client in response to an HTTP request.
  • Example: Content-Type, Set-Cookie, Content-Length

6. Entity Headers

  • Definition: Headers that provide information about the body of the request or response, such as its content type or length.
  • Example: Content-Type, Content-Length

7. General Headers

  • Definition: Headers that can be used in both requests and responses, but don’t relate to the body of the message.
  • Example: Cache-Control, Connection

8. Request-Line

  • Definition: The first line of an HTTP request, containing the HTTP method, URL, and protocol version.
  • Example: GET /index.html HTTP/1.1

9. Status-Line

  • Definition: The first line of an HTTP response, containing the HTTP version, status code, and reason phrase.
  • Example: HTTP/1.1 200 OK

10. Standard Headers

  • Definition: Headers defined by the HTTP specification and commonly used in requests and responses.
  • Example: Host, Content-Type, User-Agent, Content-Length

11. Custom Headers

  • Definition: Non-standard headers that can be defined by developers to pass additional information.
  • Example: X-Custom-Header: my-custom-value

Understanding these terms helps you better navigate and work with headers in HTTP requests and responses.

FAQ

Here’s the breakdown:

  • Header Field: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
    • This is the entire key-value pair (the line itself).
  • Header Name: User-Agent
    • This is the “key” part of the header field.
  • Header Value: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
    • This is the “value” part of the header field.

Terminology and Concepts

GET:

  • Purpose: Retrieve data from the server.
  • Usage: Used to request data from a specified resource.
  • Characteristics:
    • Typically does not have a request body (payload).
    • The parameters are usually sent as query parameters in the URL.

GET /api/users/1 HTTP/1.1
Host: api.example.com

POST:

  • Purpose: Send data to the server to create a new resource.
  • Usage: Often used to submit forms or upload files.
  • Characteristics:
    • Contains a request body (payload) with data to be processed by the server.

POST /api/users HTTP/1.1
Host: api.example.com
Content-Type: application/json

{
  "name": "John Doe",
  "age": 30
}

PUT:

  • Purpose: Update an existing resource or create it if it does not exist
  • Usage: Used to send updated data to the server for a specific resource
  • Characteristics:
    • Contains a request body (payload) with the updated data.

PUT /api/users/1 HTTP/1.1
Host: api.example.com
Content-Type: application/json

{
  "name": "Jane Doe",
  "age": 31
}

DELETE:

  • Purpose: Remove a specified resource from the server.
  • Usage: Used to delete a resource identified by the request URL.
  • Characteristics:
    • Typically does not contain a request body (payload).

DELETE /api/users/1 HTTP/1.1
Host: api.example.com

PATCH:

  • Purpose: Partially update an existing resource
  • Usage: Used to send a set of changes to apply to a resource
  • Characteristics:
    • Contains a request body (payload) with only the changes to be applied.

PATCH /api/users/1 HTTP/1.1
Host: api.example.com
Content-Type: application/json

{
  "age": 32
}

Summary:

  • The HTTP verbs GET, POST, PUT, DELETE, etc., are only used in requests sent from a client to a server.
  • Each verb defines a specific action the client wants the server to perform on the resource specified in the request URL.
  • Responses from the server will typically include a status code and a response body, but they do not use these verbs; they are only relevant for requests.

Complete list of HTTP verbs

1. GET

  • Description: Retrieve data from the server.
  • Use Case: Used to request a resource or collection of resources.
  • Idempotent: Yes

2. POST

  • Description: Send data to the server to create a new resource.
  • Use Case: Often used for submitting forms or uploading files.
  • Idempotent: No

3. PUT

  • Description: Update an existing resource or create it if it does not exist.
  • Use Case: Used to send updated data to a specific resource.
  • Idempotent: Yes

4. DELETE

  • Description: Remove a specified resource from the server.
  • Use Case: Used to delete a resource identified by the request URL.
  • Idempotent: Yes

5. PATCH

  • Description: Partially update an existing resource.
  • Use Case: Used to apply partial modifications to a resource.
  • Idempotent: No

6. HEAD

  • Description: Retrieve the headers of a resource without the body.
  • Use Case: Used to check what a GET request will return before actually making a GET request.
  • Idempotent: Yes

7. OPTIONS

  • Description: Describe the communication options for the target resource.
  • Use Case: Used to determine the allowed methods and options for a specific resource.
  • Idempotent: Yes

8. CONNECT

  • Description: Establish a tunnel to the server identified by the target resource.
  • Use Case: Used with proxies to create a tunnel for SSL-encrypted communication (HTTPS).
  • Idempotent: No

9. TRACE

  • Description: Perform a message loop-back test along the path to the target resource.
  • Use Case: Used for diagnostic purposes to see how the request is being processed.
  • Idempotent: Yes

10. LINK

  • Description: Establish a relationship between the source resource and the target resource.
  • Use Case: Used in Web Linking to create relationships.
  • Idempotent: No

11. UNLINK

  • Description: Remove a relationship between the source resource and the target resource.
  • Use Case: Used in Web Linking to remove relationships.
  • Idempotent: No

12. PURGE

  • Description: Remove cached data from a cache server.
  • Use Case: Used in caching scenarios to invalidate cache entries.
  • Idempotent: Yes

13. COPY

  • Description: Create a duplicate of the resource identified by the URI.
  • Use Case: Used in WebDAV for duplicating resources.
  • Idempotent: No

14. MOVE

  • Description: Move a resource from one URI to another.
  • Use Case: Used in WebDAV for moving resources.
  • Idempotent: No

15. LOCK

  • Description: Lock a resource to prevent other users from modifying it.
  • Use Case: Used in WebDAV for resource locking.
  • Idempotent: No

16. UNLOCK

  • Description: Unlock a previously locked resource.
  • Use Case: Used in WebDAV to release locks on resources.
  • Idempotent: No

Idempotent vs. Non-Idempotent

  • Idempotent methods: Making the same request multiple times will have the same effect as making it once (e.g., GET, PUT, DELETE).
  • Non-idempotent methods: Making the same request multiple times may result in different outcomes (e.g., POST).
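To make the distinction concrete, here is an added example (not code from the original page): a tiny in-memory store that serves the /api/users requests shown earlier, plus a helper that replays the same request and reports whether the server state after each repeat is identical. The store and its status codes are constructed for this example.

```python
"""Idempotent vs. non-idempotent methods on a tiny in-memory resource store.

Added example, not from the original page: it handles the /api/users
requests shown above so each can be repeated and its effect on server
state compared. Status codes follow the response list above.
"""
import copy


class UserStore:
    def __init__(self):
        self.users = {}          # id -> {"name": ..., "age": ...}
        self.next_id = 1

    def handle(self, method, path, body=None):
        """Dispatch one request; return (status_code, response_body)."""
        parts = path.strip("/").split("/")       # "/api/users/1" -> 3 parts
        user_id = int(parts[2]) if len(parts) == 3 else None
        if method == "GET" and user_id is not None:
            user = self.users.get(user_id)
            return (200, user) if user is not None else (404, {"error": "not found"})
        if method == "POST" and user_id is None:
            # Every POST creates a new resource, so repeating it is not idempotent.
            uid, self.next_id = self.next_id, self.next_id + 1
            self.users[uid] = dict(body)
            return 201, {"id": uid, **body}
        if method == "PUT" and user_id is not None:
            # PUT replaces the whole representation: same request, same end state.
            created = user_id not in self.users
            self.users[user_id] = dict(body)
            return (201 if created else 200), {"id": user_id, **body}
        if method == "PATCH" and user_id is not None:
            # A PATCH that sets a field happens to be repeatable, but PATCH is
            # not guaranteed idempotent (a "+1 to age" patch would not be).
            if user_id not in self.users:
                return 404, {"error": "not found"}
            self.users[user_id].update(body)
            return 200, {"id": user_id, **self.users[user_id]}
        if method == "DELETE" and user_id is not None:
            # A second DELETE gets 404, yet state is unchanged: still idempotent
            # (idempotency is about effect on the server, not the status code).
            if self.users.pop(user_id, None) is None:
                return 404, {"error": "not found"}
            return 204, None
        return 405, {"error": "method not allowed"}


def repeat_and_compare(store, method, path, body=None, times=2):
    """Send the same request `times` times; return (state_unchanged, statuses)."""
    statuses, snapshots = [], []
    for _ in range(times):
        statuses.append(store.handle(method, path, body)[0])
        snapshots.append(copy.deepcopy(store.users))
    return all(s == snapshots[0] for s in snapshots), statuses
```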

Summary

  • The main HTTP verbs you’ll encounter frequently are GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS, CONNECT, and TRACE.
  • The additional methods like LINK, UNLINK, PURGE, COPY, MOVE, LOCK, and UNLOCK are primarily used in specific contexts like WebDAV or caching.