<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Husnain Izhar</title>
    <description>The latest articles on DEV Community by Husnain Izhar (@husnainizhar).</description>
    <link>https://dev.to/husnainizhar</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4013614%2F4bed2691-ec86-4e9c-9446-fbc2fac7625e.png</url>
      <title>DEV Community: Husnain Izhar</title>
      <link>https://dev.to/husnainizhar</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/husnainizhar"/>
    <language>en</language>
    <item>
      <title>HTTP QUERY: The New Method That Ends the GET-vs-POST Debate (RFC 10008)</title>
      <dc:creator>Husnain Izhar</dc:creator>
      <pubDate>Fri, 03 Jul 2026 12:38:00 +0000</pubDate>
      <link>https://dev.to/husnainizhar/http-query-the-new-method-that-ends-the-get-vs-post-debate-rfc-10008-5ml</link>
      <guid>https://dev.to/husnainizhar/http-query-the-new-method-that-ends-the-get-vs-post-debate-rfc-10008-5ml</guid>
      <description>&lt;p&gt;Every backend developer has stood at this fork in the road.&lt;/p&gt;

&lt;p&gt;You're building a search endpoint. The filter payload is big — nested filters, arrays, sort rules, pagination. And you have to pick a method:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;
&lt;strong&gt;GET?&lt;/strong&gt; It's the &lt;em&gt;correct&lt;/em&gt; choice semantically. Safe, cacheable, read-only. But your query won't fit in the URL.&lt;/li&gt;
&lt;li&gt;
&lt;strong&gt;POST?&lt;/strong&gt; The body fits fine. But now you're lying — POST says "I'm changing something," and you're just reading data.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;For about 20 years, we picked one and quietly felt wrong about it.&lt;/p&gt;

&lt;p&gt;Last month, the IETF finally settled it. &lt;strong&gt;RFC 10008 — The HTTP QUERY Method&lt;/strong&gt; was published as a Proposed Standard in June 2026.&lt;/p&gt;

&lt;p&gt;Let's look at why the old options were never quite right, and what QUERY actually fixes.&lt;/p&gt;

&lt;h2&gt;
  
  
  Option 1: GET — safe, but it doesn't scale
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight http"&gt;&lt;code&gt;&lt;span class="err"&gt;GET /search?q=phones&amp;amp;filter=inStock&amp;amp;sort=price&amp;amp;page=3

// safe + cacheable ✅
// but... 414 URI Too Long ❌
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;GET is semantically perfect for search — it's safe (no side effects) and cacheable. The problem is purely mechanical: URLs have length limits. Browsers cap them, servers cap them, proxies and CDNs cap them. Once your filter object gets complex — an array of categories, a price range, nested boolean logic — you blow past those limits and start getting 414 URI Too Long.&lt;/p&gt;

&lt;p&gt;You can URL-encode a giant JSON blob into a query string, but at that point you're fighting the tool.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Option 2: POST — it fits, but it lies&lt;/strong&gt;&lt;br&gt;
POST /search&lt;br&gt;
Content-Type: application/json&lt;/p&gt;

&lt;p&gt;{ "filter": "inStock", "sort": "price" }&lt;/p&gt;

&lt;p&gt;// body fits ✅&lt;br&gt;
// but POST means "I'm changing data" — a lie ❌&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight http"&gt;&lt;code&gt;&lt;span class="err"&gt;So most of us reach for POST. The body holds any payload you want. Done, right?

Not quite. POST is defined as neither safe nor idempotent — it signals that the request changes server state. But a search is read-only. That mismatch has real consequences:

Caches won't cache it (POST responses generally aren't cacheable).
Clients and proxies won't safely retry it on a network blip, because a retried POST could duplicate a side effect that, in your case, doesn't even exist.
Anyone reading your API can't tell a "search" POST from a "create order" POST without extra docs.
POST works. It just describes the wrong thing.

**The fix: QUERY**
QUERY /search
Content-Type: application/json

{ "filter": "inStock", "sort": "price" }

// safe + idempotent like GET ✅
// carries a request body like POST ✅
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;QUERY is exactly the method that was missing. From RFC 10008, a QUERY request asks the server to process the enclosed content in a safe and idempotent manner and return the result.&lt;/p&gt;

&lt;p&gt;In practice, that means:&lt;/p&gt;

&lt;p&gt;✅ Safe &amp;amp; idempotent, like GET — so it can be retried automatically without fear of side effects.&lt;br&gt;
✅ Carries a request body, like POST — so your complex filters live in a proper JSON payload, not a fragile URL.&lt;br&gt;
✅ Purpose-built for read-only data APIs — search, reporting, GraphQL-style queries, anything where "read a lot with a big query" is the shape.&lt;br&gt;
It's the best of both, and it took a while — roughly 11 years from the first draft to a published standard.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Is it usable yet?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Sooner than you'd think:&lt;/p&gt;

&lt;p&gt;Node.js has parsed the QUERY method natively since early 2024.&lt;br&gt;
OpenAPI 3.2 can document QUERY operations.&lt;br&gt;
Framework and tooling support (routers, client libraries, caches, WAFs) is still catching up — so you'll want to check your whole request path before shipping it to production.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;So, should you switch?&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;For brand-new read-heavy APIs, QUERY is worth designing around now — with a POST fallback while the ecosystem matures. For entrenched POST /search endpoints, there's no rush, but it's finally a first-class, standardized answer instead of a compromise.&lt;/p&gt;

&lt;p&gt;The "should this be GET or POST?" argument in code review? After 20 years, it finally has a real third option.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;I'm Husnain Izhar, a Software Architect. I write about backend, APIs, and the practical side of building systems. If this was useful, follow me here — and I'd love to hear whether you're planning to reach for QUERY.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>http</category>
      <category>api</category>
      <category>webdev</category>
      <category>backend</category>
    </item>
  </channel>
</rss>
