re: Why you should use standard HTTP methods when designing REST APIs VIEW POST

VIEW PARENT COMMENT VIEW FULL DISCUSSION

Yes, idempotence is important but it goes hand in hand with verbs. Browsers and API clients work on the assumption that a POST verb is never idempotent and will behave accordingly so it is important to keep that relationship intact.

I agree with the points you make about advantages of using a POST verb to hide sensitive data.

Browsers and API clients work on the assumption that a POST verb is never idempotent and will behave accordingly

Does this mean, they assume other verbs to be always idempotent and also behave accordingly?

I used POST as an example in my statement. What I wanted to say that they will assume what the standard says and behave accordingly.

What about checking for authorization before returning such GET requests? Wouldn't it be another way of protecting sensitive data.

I may be misunderstanding your point but it goes without saying that you always properly protect your API, no matter HTTP method is being used.

code of conduct - report abuse