You can send data to the server in the body of the POST message. The type and size of data are not limited. But you must specify the data type in the Content-Type header and the data size in the Content-Length header fields. The HTTP POST requests can also send data to the server using the URL parameters. In this case, you are limited to the maximum size of the URL, which is about 2000 characters (it depends on the browser).
The HTTP POST method is not idempotent, which means that sending an identical POST request multiple times may additionally affect the state or cause further side effects (eg. on financial transactions).
HTTP POST ExampleThe following HTTP POST request example demonstrates sending a POST request to the server. In this example, the 'Content-Type: application/json' request header indicates the media type of the resource, and the 'Content-Length: 85' request header indicates the size of the data in the request body.
And the server response:
Some notes on HTTP POST requests:
- POST requests are never cached
- POST requests do not remain in the browser history
- POST requests cannot be bookmarked
HTTP GET vs POST
|Browser BACK button/Reload||Harmless||Data will be re-submitted (the browser should alert the user that the data are about to be re-submitted)|
|Bookmarked||Can be bookmarked||Cannot be bookmarked|
|Cached||Can be cached||Not cached|
|History||Parameters remain in browser history||Parameters are not saved in browser history|
|Restrictions on data length||Yes, when sending data, the GET method adds the data to the URL; and the length of a URL is limited (maximum URL length is 2048 characters)||No restrictions|
|Restrictions on data type||Only ASCII characters allowed||No restrictions. Binary data is also allowed|
|Security||GET is less secure compared to HTTP POST because data sent is part of the URL. Never use GET when sending passwords or other sensitive information!|
|Visibility||Data is visible to everyone in the URL||Data is not displayed in the URL|