The optional MIDAS API (Application Programming Interface) allows developers to programmatically interface directly with our web based scheduling software, MIDAS.
Calls to the API can be made via simple http requests. Both "GET" and "POST" http "methods" are supported by the API (although support for the "GET" method is disabled by default, and needs enabling if required - we'll cover this later).
This article explains the differences between the "GET" and "POST" http methods (also known as http "verbs"), and why we'd encourage you to only make and allow "POST" requests when using the MIDAS API.
What are HTTP request methods (verbs)?
HTTP (or the Hypertext Transfer Protocol) is designed to enable communications between clients and servers. It works by establishing a "request-response" protocol between the client and the server.
GET requests
When you type a URL into your browser's address bar, your browser (the client) sends an HTTP request to the server where the website you're trying to reach resides.
This is a "GET" request - i.e. "get" (retrieve) data from the specified resource (server). GET is the most common form of HTTP request.
POST requests
A "POST" request on the other hand is typically used to "post" (send) data to the specified resource (sever). This is the common HTTP method used when filling in a form and submitting it on a web page.
GET vs POST
The two methods are interchangeable - for instance, you can "send" additional data as part of a "GET" request. Similarly, you can "retrieve" data as the result of a "POST" request.
For example, the following "GET" request also sends two parameters ("parameter1" and "parameter2") with two values ("value1" and "value2" respectively) to the server:
In a "POST" request, the additional data isn't "appended" to the URL itself, as in a "GET" request, but rather it is stored in the body of the HTTP request. The "POST" equivalent of the above example "GET" request would be:
POST /contact/contact_form.php HTTP/1.1 Host: your-domain.com parameter1=value1amp;parameter2=value2
Which is better - GET or POST?
Because "GET" requests "append" data to the URL, they have a number of limitations and drawbacks, including:
GET requests can be cached
GET requests can be be stored in server access logs
GET requests can remain in the browser history
GET requests can be bookmarked
GET requests have length restrictions
On the other hand:
POST requests are never cached
POST data is never stored in server access logs
POST requests do not remain in the browser history
POST requests cannot be bookmarked
POST requests have no restrictions on data length
Conclusion
Because "GET" http requests can be cached and stored in server logs/browser histories, they should not be used when dealing with sensitive data.
For these reasons, we always recommend that calls to the MIDAS API be made using the http "POST" method, rather than "GET".
By default, "GET" requests are disabled in the API. If you wish to allow API calls to be made via http "GET" (i.e. for testing purposes), then you can enable the "Allow GET (as well as POST) method?" setting. You'll find this under MIDAS Admin Options → Manage Addons → API Access. For more information, please refer to the API Settings documentation.
