When you want to get data from an API endpoint that expects some request parameters,
- Do you send a
GETrequest with query/path params?- Or do you send a
POSTrequest with the params mentioned in the body?
For non-sensitive parameters, use a GET request, which appends the parameters to the URL and allows for caching, improving performance. For sensitive parameters, use a POST request, which encrypts the parameters in the request body, ensuring their security during transmission.
Explanation
When a GET request is sent to an API endpoint, the query or path parameters are included in the URL. This means that the URL itself contains the necessary information to retrieve the requested data. As a result, when a GET request is made, the response can be cached by the client or an intermediary server (like a proxy server or a content delivery network) based on the URL and the parameters.
On the other hand, caching POST requests is not a common practice and is not supported by most web browsers and CDNs. This is because POST requests are generally used to modify data on the server, and caching them could lead to inconsistencies and unexpected behaviour.
Even in a case wherein we need to cache idempotent POST requests, the cache key should include a digest of the POST body, along with the URL and headers. This adds complexity and overhead.