GET requests cannot have a message body, but you can still send data to the server using URL parameters. In this case, you are limited by the maximum URL length, which is about 2000 characters (depending on the browser).
The GET method is defined as idempotent, which means that multiple identical GET requests should have the same effect as a single request.
Browsers use the GET method to request a page from the server. Below are a few sample requests to reqbin.com from different web browsers.
The main difference between these two requests is the User-Agent header parameter that tells the server from which browser the request was sent. If you send requests from your application, you can specify your application name in the User-Agent header.
The Accept-Encoding header tells the server which compression algorithms the client can understand. The server may select one of the proposed algorithms and compress the body of the response with it. In this case, the server must name the compression algorithm it used in the Content-Encoding response header.
If you don't specify the Accept-Encoding header in your request, or the server does not support any of the proposed compression algorithms, then the server does not compress the body of the response.
As you can see, the Content-Encoding header is not present in the server response. In this case, the size of the transmitted data is much larger, which may lead to lower page loading speed and increase the traffic cost for mobile devices.
Requesting JSON and XML by using the HTTP GET Method
Clients can request JSON from the server by sending HTTP GET requests. The Accept: application/json header tells the server that the client is "expecting" the response content in JSON format. If the client wants to receive the response content in XML format, it can specify the Accept: application/xml header. If the client can handle both types of content, it can list them all in the Accept header, separated by a comma.
In the server response, the Content-Type header tells the client the type of returned content. For JSON files the server will return Content-Type: application/json.
To request private resources from the server, such as the user's personal data, the server may ask the client to provide some authorization data to ensure that the client is authorized to receive the requested data. There are several ways to authorize the client. One of the most popular authorization methods is the Bearer token authorization header.
Some notes on GET requests
- GET requests can be cached
- GET requests remain in the browser history
- GET requests can be bookmarked
- GET requests should never be used when dealing with sensitive data
GET vs POST
| |GET|POST|
|---|---|---|
|Browser BACK button/Reload|Harmless|Data will be re-submitted (the browser should alert the user that the data are about to be re-submitted)|
|Bookmarked|Can be bookmarked|Cannot be bookmarked|
|Cached|Can be cached|Not cached|
|History|Parameters remain in browser history|Parameters are not saved in browser history|
|Restrictions on data length|Yes, when sending data, the GET method adds the data to the URL; and the length of a URL is limited (maximum URL length is 2048 characters)|No restrictions|
|Restrictions on data type|Only ASCII characters allowed|No restrictions. Binary data is also allowed|
|Security|GET is less secure compared to POST because data sent is part of the URL. Never use GET when sending passwords or other sensitive information!| |
|Visibility|Data is visible to everyone in the URL|Data is not displayed in the URL|