HTTP GET with Request body – Guidelines
If you are reading this article, then I think you are looking at the possible use case of using HTTP GET with request body parameters.
Similar guidelines discussed here can be used as a reference for HTTP idempotent methods like DELETE methods also.
We will cover below a few aspects in the article,
There could be multiple legitimate use cases for this in your case. But for me recently I needed to send very large input using the GET method and wanted to verify if I can send large input with body parameters.
What is the maximum size of Url in GET?
We cannot send very large inputs due to technical limitations of maximum URL length size which is found to be approximately ~2000 characters in general.
These limitations are more found on the server side and it is possible that some servers might just ignore the body of GET requests or behavior like caching GET requests might cause issues.
So in order to solve the issue, I looked at options like sending body parameters within the GET method.
I was stuck with this issue and I had to do a lot of analysis on finding the best resolutions.
I found that due to limitations on URI max length GET method can not be used for sending large input data either through putting details in URI directly or using the query parameter within the URL.
RFC Specification
As per RFC 7231 below are guidelines for rest get with the body,
GET is the primary mechanism of information retrieval and the focus of almost all performance optimizations.
A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some existing implementations to reject the request.
Specification and What it meant to us?
Specification clarifies the support for the GET method with body parameters. But please note that it also warns us of its usage.
So if the length of parameters is longer and the server indeed receives the data from the body that supports it then you should be good to follow these specifications.
You must also validate other Test tools supporting it like Postman, Swagger, and Soap UI etc.
But, I wanted to see a more legitimate reason for not sending Body parameters in GET.
Below are a few major limitations and guidelines elaborating to use or not to use HTTP GET or DELETE method with body parameters.
Below are a few examples with some guidelines which can help you decide to opt IN/OUT of this support in your APIs.
GET support Body in .NET Core
After following the above specifications, I validated the .NET Core support for GET method with the Body parameter.
GET method was successful with [FromBody] parameters proving .NET Core has already added support in accordance with the specification.
Please see the below implementation,
[AllowAnonymous]
[HttpGet]
public IActionResult Token([FromBody]LoginModel login)
{
return Ok(login.Username);
}
Here is the Client-side code to execute the GET method with Body,
var request = new HttpRequestMessage
{
Method = HttpMethod.Get,
RequestUri = new Uri("https://localhost:44341/api/auth"),
Content = new StringContent(json, Encoding.UTF8, "application/json")
};
Please see here for a complete sample code for GET and DELETE requests.
GET doesn’t support Body in .NET Framework
GET doesn’t support Body in .NET Framework and gives the below error,
"Cannot send a content-body with this verb-type."
Using Fiddler – Warning for GET
Fiddler warns you but allows us to send the body and the operation runs successfully.
SOAP UI – No support
I don’t find support exists for sending body parameters with GET method using SOAP UI.
PostMan UI- Support
The recent version has added support for sending body parameters with GET method using POSTMan UI.
Using Swagger – No support
Swagger Open API documentation gives the below error for GET method,
"Failed to execute 'fetch' on Windows. Request with GET/HEAD method can not have the body".
Swagger gives the below error for DELETE method,
"DELETE operations cannot have a request Body"
Server Configuration issues
- A lot of servers cache the responses to GET and HEAD requests. This behavior might cause issues.
- It’s also possible that the Server might just ignore the body of GET request.
Proxy Issues
Please be cautious that proxies might break your request in various ways if the body is included in GET method.
A few other reasons alarming us to not use GET with Body are as below,
- Amazon CloudFront doesn’t support GET with the Body parameter.
- Sping-framework doesn’t support GET with the body.
- XMLHttpRequest doesn’t support GET with the body.
- Most Javascript libraries don’t support GET with a body.
Few examples where GET with the body is supported,
- Elastic search support GET with body parameters. (This is the only example, I found in the support.)
- Recent .NET Core framework-based application support GET with body
Other useful references:
Summary
Today in this article we looked at HTTP GET support for body parameters. Although the specification clarifies support for GET method with body parameters, it also warns us about its usage and clarifies that it is not useful to do so. We looked at multiple aspects of using GET with body parameters including Tools and Testing support with its pros and cons etc.
Do you have any comments or ideas or any better suggestions to share?
Please sound off your comments below.
Happy Coding !!
Please bookmark this page and share it with your friends. Please Subscribe to the blog to receive notifications on freshly published(2024) best practices and guidelines for software design and development.
If you find yourself needing to send a huge list of items in the query string, body or otherwise while making a HttpGet call, you most definitely have an architectural issue on the client side. Using HttpPost or GET with the [FromBody] is not the answer.
Thanks GoodFeathers for your comments. I agree with that understanding.
Hi ,
Thanks for guidelines.
WHat if I need an alternative for Get request.
I do not want to use the Post request. Lets say I want get products from a server with multiple query params, but the list of query params could be huge. What approach do you suggest in such cases.
This was an interview question, I will learn something new if answered.
Regards,
Anand
Hello Anand – I believe there is no straight answer to this question as there are some design limits on the length of the character of the query. As I already discussed with limitation on body parameters above,
I would rather prefer to stick to the REST principle. I will send an asynchronous query at a time and combine the result for a set of chunks. Please see here my other post which explains asynchronous query and combine all result for the GET method.Invoke Multiple Async API and Combine Results using WhenAll
I hope this helps.
Thank you for a quick reply.
Read your suggestion, Thinking if multiple dB queries is a good option for my scenario. Thanks for the suggestion.
Very helpful guidelines!! Thank you
I liked the details you have shared in this article. Appreciate that! . However it would be great if you also conclude what is best in such scenarios? Should we use POST as a good measure ?
Thanks, Manual, appreciate your comments.:) I do agree with that.
After all of those limitation, i certainly did not use FromBody parameter in GET method.
I refactored and optimize my existing GET method, leveraging an Asynchronous operation(considering REST principles)and sending multiple requests etc.
If one sees refactoring as a limitation or challenge then the POST method can be used. Again these are just guidelines that could help to decide.