My way of understanding things are like this:
GET:
1. URL can be bookmarked. what dose it mean? One user logs in (so registered and authorised), gets some data. If the queries/updates can be passed in URL, then this URL can
be bookmarked and used by any unauthorised person to get access
to the data, which defeats the purpose.
2. The GET method should be safe, that is, without any side effects for which users are held responsible. i would not perform any updates or things like that where
there is a likelyhood of data corruption.
3. If a client request is intended to change stored data, the request should use some other HTTP method. Should use POST method. Modification of data is not to be
allowed thur the GET method, since it has to be safe.
4. The GET method should also be idempotent, meaning that it can be safely repeated. What dose it mean and how dose it work? Any examples pl. say something like a login. Users should be able to login any
number of times they want. Doesn't necessarily mean login two
times at the same time.
POST:
1. This method does not need to be either safe or idempotent. This sentence simply complements the next sentence. Pl. read the
expln. below.
2. Operations requested through POST can have side effects for which the user can be held accountable. Data modification should be performed with these methods.
Any updates etc. An example would be
Change Passwd.
So we take the input new passwd, do the validity checks (sample):
passwd should be 8 chars or more no special chars. cannot be consecutive numbers...
yada yada yada.... So if any of these rules are voilated, then we know its a user
error. Otherwise, we could go ahead and update the user profile
with the new passwd.
Though practically, these two methods can be used
interchangeably, the API suggests that we follow these
guidelines.
Hope this helps.
Regds.
- satya
