The HTTP
QUERYmethod is a proposed HTTP request method designed to perform safe, idempotent query operations that require a request body.
Table of Contents
- Introduction
- Why QUERY was introduced
- Problems with GET
- Problems with POST
- QUERY Method Overview
- Characteristics
- Syntax
- Request Examples
- Response Examples
- Caching
- Idempotency
- Safe Operations
- Comparison with GET and POST
- Real-world Use Cases
- REST API Examples
- GraphQL Example
- Database Query Example
- Security Considerations
- Browser Support
- Server Support
- Advantages
- Disadvantages
- Best Practices
- Future of QUERY
- Conclusion
1. Introduction
For more than 30 years, HTTP primarily offered these methods for retrieving data:
- GET
- POST
Developers frequently faced a problem:
They wanted to send complex search parameters while still performing a read-only operation.
GET has no standard request body.
POST allows a body but semantically represents resource processing rather than retrieval.
The new QUERY HTTP method solves this gap.
2. Why QUERY Was Introduced
Many modern APIs need complex filtering.
Example:
- Search products
- Search flights
- Analytics queries
- Elasticsearch
- SQL-like APIs
- GraphQL
Sometimes query parameters become enormous.
Example:
GET /users?age=18&country=US&active=true&department=engineering&salary_gt=50000&...
Eventually URLs become thousands of characters long.
Many browsers, proxies, and servers impose URL length limits.
QUERY solves this.
3. Problems with GET
GET works well for simple retrieval.
Example:
GET /users/10
But complex searches become difficult.
Example:
GET /products?
category=electronics&
price_min=100&
price_max=2000&
rating=4&
brand=Apple&
brand=Samsung&
availability=true&
sort=price&
page=5
Problems:
- URL too long
- Hard to maintain
- Encoding issues
- Cannot naturally send JSON
- No nested objects
4. Problems with POST
Many APIs use POST only because it supports a request body.
Example:
POST /products/search
Content-Type: application/json
{
"category": "electronics",
"price": {
"min": 100,
"max": 2000
}
}
Although this works...
POST usually implies:
- resource creation
- processing
- side effects
Searching isn't any of those.
5. QUERY Method Overview
QUERY is intended for:
- read-only operations
- complex searches
- request body support
Example:
QUERY /products
{
"category":"electronics",
"price":{
"min":100,
"max":2000
}
}
The server returns matching resources.
No resource is created.
Nothing changes.
6. Characteristics
| Property | QUERY |
|---|---|
| Safe | Yes |
| Idempotent | Yes |
| Request Body | Yes |
| Cacheable | Potentially |
| Creates Resource | No |
| Updates Resource | No |
7. Basic Syntax
QUERY /users HTTP/1.1
Host: api.example.com
Content-Type: application/json
{
"department":"Engineering",
"age":{
"gte":25
}
}
8. Example Request
QUERY /employees
{
"department":"Engineering",
"experience":{
"gte":5
},
"skills":[
"Node.js",
"Docker"
]
}
Example Response
HTTP/1.1 200 OK
[
{
"id":1,
"name":"Alice"
},
{
"id":2,
"name":"Bob"
}
]
9. Nested Filters
{
"country":"India",
"city":"Delhi",
"salary":{
"min":50000,
"max":120000
},
"skills":[
"Java",
"Node.js",
"AWS"
]
}
Impossible to express cleanly using GET.
10. Complex Boolean Queries
{
"or":[
{
"department":"Engineering"
},
{
"department":"AI"
}
],
"salary":{
"gte":80000
}
}
11. Pagination
{
"page":5,
"size":50,
"sort":"salary",
"order":"desc"
}
12. Full-text Search
{
"query":"Senior Node.js Developer",
"language":"en",
"boost":[
"title",
"skills"
]
}
13. Comparison
| Feature | GET | POST | QUERY |
|---|---|---|---|
| Request Body | ❌ | ✅ | ✅ |
| Safe | ✅ | ❌ | ✅ |
| Idempotent | ✅ | ❌ | ✅ |
| Complex Filters | Poor | Excellent | Excellent |
| URL Length Issues | Yes | No | No |
14. REST Example
GET:
GET /orders?status=paid&page=2
QUERY:
QUERY /orders
{
"status":"paid",
"page":2,
"date":{
"after":"2026-01-01"
}
}
15. Elasticsearch Example
Current:
POST /_search
{
"query":{
"match":{
"title":"Docker"
}
}
}
Future:
QUERY /_search
{
"query":{
"match":{
"title":"Docker"
}
}
}
16. GraphQL Example
Current:
POST /graphql
{
"query":"{ users { id name } }"
}
Potential:
QUERY /graphql
{
"query":"{ users { id name } }"
}
17. SQL API Example
QUERY /database
{
"table":"employees",
"where":{
"salary":{
"gt":50000
}
}
}
18. Security
QUERY does not replace authentication.
Continue using:
- HTTPS
- OAuth
- JWT
- API Keys
Since request bodies may contain sensitive filters, avoid logging them indiscriminately.
19. Caching
Because QUERY is safe and idempotent, responses can be cacheable if servers and intermediaries support appropriate cache semantics.
Implementations may need a way to derive cache keys from the request body.
20. Browser Support
As of today:
- Limited browser support
- Limited proxy support
- Limited CDN support
- Limited framework support
Most HTTP libraries do not yet expose QUERY as a first-class method.
21. Server Support
Many servers will reject unknown HTTP methods unless explicitly configured.
Examples:
- Nginx
- Apache
- Express
- Spring
- ASP.NET
- FastAPI
Support varies by server and framework version.
22. Advantages
✅ Read-only semantics
✅ Request body support
✅ Cleaner APIs
✅ Better REST semantics
✅ Complex JSON filters
✅ Nested objects
✅ No URL size limitations
23. Disadvantages
❌ Not universally supported yet
❌ Some firewalls may block unknown methods
❌ Existing tooling may require updates
❌ Client SDKs may not support it
24. Best Practices
- Use QUERY only for read-only operations.
- Keep requests idempotent.
- Return
200 OKfor successful queries. - Use JSON for structured query payloads.
- Document support clearly for API consumers.
- Continue to use GET for simple retrievals.
25. Future of QUERY
If broadly adopted, QUERY could reduce the misuse of POST for searches and provide a more semantically correct way to perform complex retrieval operations.
However, adoption depends on:
- Browsers
- HTTP clients
- Frameworks
- API gateways
- CDNs
- Reverse proxies
- Cloud providers
Conclusion
The QUERY HTTP method fills a long-standing gap in HTTP by allowing safe, idempotent retrieval requests with a request body. It is particularly useful for complex search APIs, analytics, GraphQL-style queries, and other read-only operations that exceed the practical limits of URL-based query strings.
For now, because ecosystem support is still evolving, most production APIs continue to use GET for simple retrievals and POST for complex searches. As support matures, QUERY has the potential to become the preferred method for expressive, read-only queries.
Top comments (0)