Daniel Lemire's blog

, 1 min read

Crash course in sane Web programming

What the current SOAP fad has done is to make us forget how to build and deploy applications on the Web according to the true HTTP specification. Even wikipedia is incredibly confused and confusing with respect to HTTP. It is ridiculously simple, but overly ignored and misrepresented.

GET | Get some resource identified by a URI. This request should not change the state of the resource.
The resource itself may change over time however. | POST |

Add a new resource (post a new message, a new comment, a new post, a new file) or modify an existing resource. The provided URI is not the URI of the new resource, but rather the URI of a related resource (for example, the URI of the blog or posting board). |

PUT |

Create or replace a resource having the given URI. This method is idempotent! |

DELETE | Delete a resource. |

What does this mean?

  • A POST from should never replace a resource. A POST form cannot be used to edit a post and is safe.
  • GET queries are stateless. No matter who does the GET, the same result should come out. If I copy and paste a URL in my browser and pass it to someone else, they should end up with the same resource. A GET query cannot create, change or delete a resource. GETs are safe. I should always be able to follow a link without fear of deleting or buying something.

As to why this might not work, see what Parand had to say about it.