Main difference between GET and POST api calls? - api

I am getting confused about the difference between GET and POST.
Can you provide some good resources or an explanation with examples?
I'm just getting started with this.
Thank you.

GET is for retrieving data from the URL - for example, example.com?tab=settings
'tab' is what you would use to 'GET' the data from
POST is more secure, and allows you to send or retrieve the data directly
Other points mentioned here are:
GET requests can be cached
GET requests remain in the browser history
GET requests can be bookmarked
GET requests should never be used when dealing with sensitive data
GET requests have length restrictions
GET requests are only used to request data (not modify)
POST requests are never cached
POST requests do not remain in the browser history
POST requests cannot be bookmarked
POST requests have no restrictions on data length

Related

REST API: What HTTP return code for no data found? [duplicate]

If someone could please help settle this argument we might actually get this system finished LOL :^)
So, if you have a REST API.. for.. say.. returning patient details...
And you send in a request with a patient id...
But no patient with that patient id actually exists in the database..
What response should your API return?
1. a 404 ?
2. a 204 ?
3. a 200 with something in the body to indicate no patient found..
Thanks
Use a 404:
404 Not Found
The server can not find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 to hide the existence of a resource from an unauthorized client. This response code is probably the most famous one due to its frequent occurrence on the web.
From MDN Web docs https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
What response should your API return?
It Depends.
Status codes are metadata in the transfer of documents over a network domain. The status code communicates the semantics of the HTTP response to general purpose components. For instance, it's the status code that announces to a cache whether the message body of the response is a "representation of the resource" or instead a representation of an error situation.
Rows in your database are an implementation detail; as far as REST is concerned, there doesn't have to be a database.
What REST cares about is resources, and in this case whether or not the resource has a current representation. REST doesn't tell you what the resource model should be, or how it is implemented. What REST does tell you (via its standardized messages constraint, which in this case means the HTTP standard) is how to describe what's happening in the resource model.
For example, if my resource is "things to do", and everything is done, then I would normally expect a GET request for "things to do" to return a 2xx status code with a representation announcing there is nothing to do (which could be a completely empty document, or it could be a web page with an empty list of items, or a JSON document.... you get the idea).
If instead the empty result set from the database indicates that there was a spelling error in the URI, then a 404 is appropriate.
It might help to consider a boring web server, and how retrieving an empty file differs from retrieving a file that doesn't exist.
But, as before, in some resource models it might make sense to return a "default" representation in the case where there is no file.
if you have a REST API.. for.. say.. returning patient details...
Is it reasonable in the resource model to have a document that says "we have no records for this patient"?
I'm not a specialist in the domain of medical documents, but it sounds pretty reasonable to me that we might get back a document with no information. "Here's a list of everything we've been told about this patient" and a blank list.
What response should your API return?
If you are returning a representation of an error, i.e., a document that explains that the document someone asked for is missing, then you should use a 404 Not Found status code (along with other metadata indicating how long that response can be cached, etc).
If you are returning a document, you should use a 200 OK with a Content-Length header.
204 is specialized, and should not be used here. The key distinction between 204 and 200 with Content-Length 0 is the implications for navigation.

Which kind of information can be collected about "website third parties"?

I have collected all the requests made by websites with the aim to identify the third-parties through the requests which are made by a website. I used selenium and WebDriver to do that.
These requests can be made by the JavaScript present in the source code of the website or can be dynamically called by the web-page from the advertisements or can be initiated by Google or DoubleClick or Facebook. These requests help to track the data that is being shared by these websites with or without the user consent.
You can see an example of the requests when the browser wants to load this website: www.focuscamera.com/ in this excel file:
https://drive.google.com/file/d/16wNA0dFUehrjPww31TAIj8GZUZ05LsIU/view?usp=sharing
My questions are:
1- Which kind of HTTP header field can be used for my analysis if I intend to gather some info about third parties? My goal is to distinguish and differentiate the third-party behavior!
For example, the field content-length in the requests indicates the size of the entity-body. So does a request with a higher content-length mean that the third party received and collected more data/information?
2- What exactly does content-length indicate? What exactly does "HTTP request body data" contain?
3- Are there any other HTTP header fields that I can use if I aim to distinguish and differentiate the third-party behavior? (A list of the fields I collect can be found in sheet1 of the Excel file I shared before.)
4- Is there any other information on the internet that I can use if I aim to distinguish and differentiate the third-party behavior? For example, I use cookiepedia.co.uk in order to know what kind of services third parties provide: is it functionality, performance, or targeting/advertising?
It sounds like you may be reinventing the wheel here. Take a look at https://webbkoll.dataskydd.net; they provide lots of security and privacy analysis on any site you like. Generate nice visual request maps using https://requestmap.webperf.tools:
Try using that tool on sites like wired.com and forbes.com to see how spectacularly bad it can get!
To answer your questions specifically:
1. Headers are not massively useful as they are within each request (it's the request itself that's more interesting), but the important ones from a privacy perspective will be Referer and Set-cookie. Content-length does indeed tell you how big the request body is – that will always be 0 on a GET request and so is usually omitted – large post requests indicate more data is being transmitted, but that may be down to inefficiency rather than anything else.
2. Content-length indicates the length of the data (in bytes) within the body of a POST request. An HTTP request body can contain any kind of data: text, images, video, audio, formatted data.
3. There are some, but most headers are functional rather than semantic, concerned with making the request actually work. It's more interesting that requests happen at all than what they contain.
4. You can't necessarily tell what kind of service a third party is providing from the requests themselves, but the domains they are going to are more interesting. For example anything going to doubleclick.com is going to be ad and tracking related because of what that domain is known to be used for (Webbkoll cites these as "known trackers"); So you're correct that sites like cookiepedia can help you find out what a particular service does. The divisions between functional/performance/profiling are mostly made up by ad companies to excuse their behaviour, and you can't tell what they are using data for, only whether they are receiving data, and what data they are receiving (because you can see what's in the requests they make using browser developer tools). To clarify - a site could receive your full name and address, but do absolutely nothing with it; but you can't tell that from looking at the data that's sent. In privacy terms, it's always best to assume the worst (because ad companies absolutely cannot be trusted!), so if they are receiving data, assume it will be abused.
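The per-domain view this answer recommends can be computed directly from captured requests. The following is an added example, not code from the original post: the record layout, the sample capture and all host names are constructed, and `site_of` approximates the registrable domain with the last two host labels.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def site_of(url):
    # Assumption: last two host labels stand in for the registrable domain;
    # real measurements should use the Public Suffix List instead.
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def summarise_third_parties(page_url, requests):
    """Per third-party site: request count, Referer exposure, cookies set, data sent."""
    first_party = site_of(page_url)
    report = defaultdict(lambda: {"requests": 0, "referer_with_path": 0,
                                  "sets_cookie": False,
                                  "query_bytes": 0, "body_bytes": 0})
    for req in requests:
        site = site_of(req["url"])
        if site == first_party:
            continue  # same site as the page: not a third party
        sent = {k.lower(): v for k, v in req.get("request_headers", {}).items()}
        got = {k.lower(): v for k, v in req.get("response_headers", {}).items()}
        row = report[site]
        row["requests"] += 1
        # A Referer with a path or query tells the third party which page was viewed.
        ref = urlsplit(sent.get("referer", ""))
        if ref.path not in ("", "/") or ref.query:
            row["referer_with_path"] += 1
        row["sets_cookie"] = row["sets_cookie"] or "set-cookie" in got
        # GET requests have no body, but data still leaves in the query string.
        row["query_bytes"] += len(urlsplit(req["url"]).query.encode())
        row["body_bytes"] += int(sent.get("content-length", 0))
    return dict(report)

# Constructed capture for illustration; not taken from the spreadsheet in the question.
PAGE = "https://shop.example.test/cart?item=42"
CAPTURED = [
    {"url": "https://shop.example.test/static/app.js"},
    {"url": "https://ads.tracker-example.test/pixel?uid=abc123&page=cart",
     "request_headers": {"Referer": PAGE},
     "response_headers": {"Set-Cookie": "id=constructed; Max-Age=31536000"}},
    {"url": "https://ads.tracker-example.test/collect",
     "request_headers": {"Referer": "https://shop.example.test/",
                         "Content-Length": "512"}},
    {"url": "https://cdn.fonts-example.test/font.woff2"},
]
```

Counting `query_bytes` separately from `body_bytes` matters because a tracking pixel fetched with GET reports a zero-length body while still carrying identifiers in its URL.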

How do batchUpdate calls count towards usage limits?

Calls like spreadsheets.batchUpdate and spreadsheets.values.batchUpdate can take multiple update actions in a single call.
I read about google sheets api usage limits at https://developers.google.com/sheets/api/limits, however it is not clear if these calls would count as one or multiple requests. Could you explain?
Thanks
At spreadsheets.batchUpdate and spreadsheets.values.batchUpdate, even when multiple requests are included in one batch request of batchUpdate, the request uses only one API.
For example, when 10 requests are included in the request body of batchUpdate and the request body is run by batchUpdate, only one API is used.
About the maximum requests in one batchUpdate, I have never investigated this. But in my experience, when I had used 100,000 requests in one batchUpdate, I could confirm that the script worked fine.
If I misunderstood your question, I apologize.

Blogger API Gives Error 500 when Requesting List of Scheduled Posts

I am using Blogger API v3. When requesting a list of scheduled status posts, the API always returns error 500. First I thought it might just be my blog or my app. However, I've tested on the API's own website (try it out) on a newly created blog and it still happens. Does anyone else have this same problem? Thanks in advance.
EDIT: Of course, this is assuming you already have scheduled posts in your blog though.
The 500 Internal Server Error is a very general HTTP status code that means something has gone wrong on the web site's server but the server could not be more specific on what the exact problem is.
Reference : https://www.westhost.com/knowledgebase/display/WES/What+Is+A+500+error
Q : Does anyone else have this same problem?
A : Yes, I have, several times.
In fact, the 500 error does not only happen when we request a list of posts but also with every request we can make with the Blogger API. AFAIK, when I make a request with the Blogger API and it returns a 500 error, it's always because of making multiple requests at almost the same time (usually because of a loop which I forgot to break).
I've also encountered this error when testing it straight from the Blogger API examples page. The first time I made the request it returned a 500 error, but the second time, the request returned the data that I requested.
For the sample on the Blogger API site, it may be just an authentication error. As for the error from your own request, I suggest you check your code again; the request may be placed inside a loop, or you've sent a request BEFORE the previous request has successfully returned a response.

Understanding the Reddit API - URL vs headers vs body

Here's the API.
This is my first time working with web APIs so bear with me. Where do the name-value pairs listed under each call belong in my HTTP request? Do they go in the URL, the headers, or the body? Is it different depending on if it's a GET request or a POST?
Are the answers to these questions true in general, i.e. for any web API?
Where do the name-value pairs listed under each call belong in my HTTP request?
In a GET, they're in the URL's query string. In a POST, they're in the request body. Headers never contain request parameters, but things like Content-length do control them, a bit. You might also run across JSON in a POST body (I can't remember if reddit does this). This is not reddit-specific, and is standard HTTP.
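The placement described in this answer, and the GET/POST points in the first answer on this page, can be seen on the wire. This added example (not part of the original answers) builds both requests for the same name-value pairs, then reports which parameters travel in the request line, where they reach access logs, browser history and Referer headers. The host, path, parameter values and the `SENSITIVE` name list are constructed assumptions.

```python
from urllib.parse import urlencode, urlsplit, parse_qsl

def build_request(method, host, path, params):
    """Return raw HTTP/1.1 request text carrying params where the method puts them."""
    encoded = urlencode(params)
    if method == "GET":
        # GET: name-value pairs ride in the URL's query string; no body.
        return f"GET {path}?{encoded} HTTP/1.1\r\nHost: {host}\r\n\r\n"
    # POST: same pairs, form-encoded in the body and sized by Content-Length.
    return (f"POST {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(encoded.encode())}\r\n\r\n"
            f"{encoded}")

def locate_params(raw):
    """Parse a raw request and report which params sit in the URL and which in the body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {k.lower(): v.strip()
               for k, v in (line.split(":", 1) for line in lines[1:])}
    in_url = dict(parse_qsl(urlsplit(target).query))
    in_body = {}
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        length = int(headers.get("content-length", "0"))
        in_body = dict(parse_qsl(body.encode()[:length].decode()))
    return {"method": method, "url": in_url, "body": in_body}

# Assumed list of parameter names worth flagging; adjust to the API in question.
SENSITIVE = {"password", "passwd", "token", "api_key", "secret"}

def url_exposed_secrets(raw):
    """Sensitive-looking parameter names that appear in the request line."""
    return sorted(SENSITIVE & set(locate_params(raw)["url"]))

# Constructed sample input.
PARAMS = {"user": "alice", "password": "example-only"}
GET_REQ = build_request("GET", "api.example.test", "/login", PARAMS)
POST_REQ = build_request("POST", "api.example.test", "/login", PARAMS)
```

Moving a parameter into the POST body keeps it out of the URL, but it is still sent as plain form data unless the connection uses TLS.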