api调用应该是GET还是POST [英] Should api calls be GET or POST
问题描述
我注意到某些API(例如twitter API)对所有内容都使用get方法,因此像这样在url中传递参数
I noticed that some APIs like twitter API use get methods for everything, so the parameters are passed in the url like this
http://api.twitter.com/1/statuses/user_timeline.json?screen_name=screenname
我有一些问题,不胜感激您的评论或更正:
I have some questions and would appreciate comments or corrections:
-
我一直认为使用GET不是一个好主意,最好使用POST.
I always thought that using GET is not a good idea and that it's better to use POST.
我正在编码的API需要一个密钥,并且我认为在URL中发送它不是一个好主意.那么是否可以混合使用POST参数和URL参数?
The API I'm coding requires a key, and I don't think it's a good idea to send it in the URL. So is it possible to mix both POST parameters and URL parameters?
另一个问题是,我听到URL的最大长度,所以我猜想这会使GET变得格格不入,或者是否有变通方法
Another problem is that I hear URLs have a max length, so I guess that would make GET out of the way, or is there a workaround
我在POST中看到的唯一问题(我猜这就是为什么类似Twitter的网站都使用GET的原因)的原因是无法直接从浏览器发出请求.如果我做错了,请纠正我.
The only problem I'm seeing with POST (and which I'm guessing is why a site like twitter went with GET) is that the request can't be made directly from the browser. Correct me if I'm wrong on this.
更新:感谢所有帮助我集思广益的人.我进行了一些更新,以澄清一些评论.
-
当我谈论不希望在URL中发送密钥时,我的意思是,如果用户要为呼叫添加书签,则我不想将该密钥添加书签,而不是我不想根本暴露出来的钥匙.所以我想从答案中可以将其发送到标头字段中?还有其他选择吗?
When I was talking about not wanting to send the key in the URL, what I meant is that I don't want the key bookmarked if a user were to bookmark a call, not that I don't want the key exposed at all. So I guess from the answers, I could send it in the header field? Any other options?
我想澄清一下,当我说POST请求can't be made from the browser时,我应该说POST requests can't be made from the url,就像在http://example.com/api/op.json?param=value中一样.抱歉,我误会了,应该更清楚了.
I want to clarify that when I said POST requests can't be made from the browser, I should have said, POST requests can't be made from the url as in http://example.com/api/op.json?param=value. Sorry, I misspoke, should have been clearer.
是否使用RESTful:我之前使用MVC框架完成了RESTful,该框架负责检测动词,并且URL最终看起来像example.com/entry/1或example.com/entry/,而http谓词是是什么控制着正在执行的操作(创建,更新,删除,列出).从实际意义上讲,我认为RESTful对于类似Crud的数据(创建条目,获取条目,更新条目,删除条目,显示所有条目)最为有用.因此,如果我不需要Crud,就需要REST吗?我的问题:如果调用仅给出输入并返回输出,那么此API是否需要是RESTful的?该url看起来不是RESTful的,因此实现中是否还有其他可以使其成为RESTful的东西?
Re whether it's RESTful or not: I've done RESTful before with an MVC framework that took care of detecting the verbs and the urls ended up looking like example.com/entry/1, or example.com/entry/ and the http verbs are what controlled the operation being performed (create, update, delete, list). I thought, in practical sense, that RESTful was most useful for crud-like data (create entry, get entry, update entry, delete entry, show all entries). So if I don't need crud, do I need REST? My question: if a call simply gives input and returns output, does this API need to be RESTful? The url doesn't look RESTful, so is there something else in the implementation that could make it RESTful?
关于URL大小,您评论了but if you're seriously concerned about it you probably should rethink your API. GET requests shouldn't be sending that much data to the server.,所以我有这个示例:用户想要发送一个大文件.在服务器上,我不会将文件输入数据库或将其保存(因此,按照标准,我不会发布"数据),但是我可能会(这些都是快速思考的示例,因此请放轻松地考虑) :
As to the URL size, you commented but if you're seriously concerned about it you probably should rethink your API. GET requests shouldn't be sending that much data to the server. So I have this example: user wants to send a large file. On the server, I won't enter the file into the database or save it (so according to standards I'm not "posting" data), but maybe I'm (these are quickly thought examples, so please take them loosely):
- (a)读取文件的元数据并返回它(应该是GET或POST),或者
- (b)我正在读取元数据并修改文件上的元数据,然后返回修改后的文件(应该是GET或POST).
- 这是为什么我可能需要发送大数据的一个示例.问题是(a)和(b)被认为是GET或POST操作吗?这就是为什么我要问URL最大长度的原因
推荐答案
1.我一直以为使用GET并不是一个好主意,而使用POST则更好.
1. I always thought that using GET is not a good idea and that it's better to use POST.
使用GET读取信息,使用POST写入信息. GET请求不应修改服务器端状态,而POST请求可以安全地进行修改.通常,将GET用于读取,将POST用于写入.您的API可能应该混合使用这两种方法,具体取决于每个特定的API调用执行的操作.
Use GET for reading information, POST for writing information. GET requests shouldn't modify server-side state, while POST requests can safely do so. In general use GET for reads and POST for writes. Your API should probably use a mixture of both, depending on which each specific API call does.
2.我正在编码的API需要一个密钥,并且我认为在URL中发送它不是一个好主意.那么可以同时使用POST参数和URL参数吗?
2. The API I'm coding requires a key, and I don't think it's a good idea to send it in the URL. So is it possible to mix both POST parameters and URL parameters?
通过POST发送数据根本不会增加任何安全级别. GET请求的安全性不亚于POST请求;他们是相同的.要传输私人数据,请使用SSL.
Sending data via POST doesn't add any level of security at all. GET requests are no less insecure than POST requests; they are identical. For transferring private data, use SSL.
理想情况下,您应该使用Authorization之类的HTTP标头来传输密钥,因为该密钥不太可能被中介记录下来,也不太可能像bug跟踪程序那样被发送给第三方服务.
You should ideally use an HTTP header like Authorization to transmit the key, as this is less likely to be logged by intermediaries, or to be emitted to 3rd party services like bug-trackers.
3.另一个问题是,我听到URL的最大长度,所以我想这会使GET变得不方便,或者有解决方法
3. Another problem is that I hear URLs have a max length, so I guess that would make GET out of the way, or is there a workaround
尽管某些浏览器强加一个.通过JavaScript生成GET请求时,这可能并不重要,但是如果您对此非常担心,则可能应该重新考虑您的API. GET请求不应向服务器发送那么多数据.
There is no maximum URL length defined by the HTTP standard, though some browsers impose one. This probably doesn't matter when generating GET requests via JavaScript, but if you're seriously concerned about it you probably should rethink your API. GET requests shouldn't be sending that much data to the server.
4.我在POST中看到的唯一问题(我猜是为什么Twitter之类的网站使用GET的原因)是无法直接从浏览器发出请求.如果我做错了,请纠正我.
4. The only problem I'm seeing with POST (and which I'm guessing is why a site like twitter went with GET) is that the request can't be made directly from the browser. Correct me if I'm wrong on this.
您的浏览器可以像生成GET请求一样轻松地生成POST请求,而通过地址栏提交POST请求则更加困难.
Your browser can generate POST requests just as easily as GET requests, it's simply harder to submit POST requests via the address bar.
这篇关于api调用应该是GET还是POST的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
