MIDAS Knowledge Base MIDAS Knowledge Base

Should I use GET or POST when making API calls?

The optional MIDAS API (Application Programming Interface) allows developers to programmatically interface directly with our web based scheduling software, MIDAS.

Calls to the API can be made via simple http requests. Both "GET" and "POST" http "methods" are supported by the API (although support for the "GET" method is disabled by default, and needs enabling if required - we'll cover this later).

This article explains the differences between the "GET" and "POST" http methods (also known as http "verbs"), and why we'd encourage you to only make and allow "POST" requests when using the MIDAS API.

What are HTTP request methods (verbs)?

HTTP (or the Hypertext Transfer Protocol) is designed to enable communications between clients and servers. It works by establishing a "request-response" protocol between the client and the server.

GET requests

When you type a URL into your browser's address bar, your browser (the client) sends an HTTP request to the server where the website you're trying to reach resides.

This is a "GET" request - i.e. "get" (retrieve) data from the specified resource (server). GET is the most common form of HTTP request.

POST requests

A "POST" request on the other hand is typically used to "post" (send) data to the specified resource (sever). This is the common HTTP method used when filling in a form and submitting it on a web page.

GET vs POST

The two methods are interchangeable - for instance, you can "send" additional data as part of a "GET" request. Similarly, you can "retrieve" data as the result of a "POST" request.

For example, the following "GET" request also sends two parameters ("parameter1" and "parameter2") with two values ("value1" and "value2" respectively) to the server:

https://your-domain.com/contact/contact_form.php?parameter1=value1&parameter2=value2

In a "POST" request, the additional data isn't "appended" to the URL itself, as in a "GET" request, but rather it is stored in the body of the HTTP request. The "POST" equivalent of the above example "GET" request would be:

POST /contact/contact_form.php HTTP/1.1
Host: your-domain.com
parameter1=value1amp;parameter2=value2

Which is better - GET or POST?

Because "GET" requests "append" data to the URL, they have a number of limitations and drawbacks, including:

  • GET requests can be cached
  • GET requests can be be stored in server access logs
  • GET requests can remain in the browser history
  • GET requests can be bookmarked
  • GET requests have length restrictions

On the other hand:

  • POST requests are never cached
  • POST data is never stored in server access logs
  • POST requests do not remain in the browser history
  • POST requests cannot be bookmarked
  • POST requests have no restrictions on data length

Conclusion

Because "GET" http requests can be cached and stored in server logs/browser histories, they should not be used when dealing with sensitive data.

For these reasons, we always recommend that calls to the MIDAS API be made using the http "POST" method, rather than "GET".

By default, "GET" requests are disabled in the API. If you wish to allow API calls to be made via http "GET" (i.e. for testing purposes), then you can enable the "Allow GET (as well as POST) method?" setting. You'll find this under MIDAS Admin Options → Manage Addons → API Access. For more information, please refer to the API Settings documentation.


You might also be interested in...


MIDAS » KB » Support » Article 00226

← Return to the Knowledge Base