# GET vs POST: Understanding HTTP Request Methods ## Quick answer: GET vs POST **GET** retrieves data without changing anything on the server, while **POST** sends data to create or modify resources. [Try Postman today →](https://identity.getpostman.com/signup) GET and POST are the two most frequently used HTTP request methods. Understanding when to use each one is essential for building and working with APIs. While both methods facilitate communication between clients and servers, they handle data differently and serve distinct purposes in RESTful design. This guide explains the practical differences between GET vs POST, complete with examples, security considerations, and testing strategies in Postman. ### Table of Contents - [Retrieving and sending data with GET and POST](#retrieving-and-sending-data-with-get-and-post) - [What GET does](#what-get-does) - [When to use GET](#when-to-use-get) - [What POST does](#what-post-does) - [When to use POST](#when-to-use-post) - [Real-world examples of GET vs POST](#real-world-examples-of-get-vs-post) - [How to choose between GET and POST](#how-to-choose-between-get-and-post) - [Key differences between GET and POST](#key-differences-between-get-and-post) - [Security considerations](#security-considerations) - [Caching behavior](#caching-behavior) - [Testing method behavior in Postman](#testing-method-behavior-in-postman) - [Best practices for API design](#best-practices-for-api-design) - [Common mistakes to avoid](#common-mistakes-to-avoid) - [Quick reference](#quick-reference) ## Retrieving and Sending Data with GET and POST Comparison of GET and POST Methods | Method | Purpose | Data Location | Makes Changes? | Typical Use | |---|---|---|---|---| | GET | Retrieves data | URL (query parameters) | ❌ No | Read/fetch data | | POST | Creates or submits data | Request body | ✅ Yes | Create or submit data | **In short:**- Use **GET** when you want to retrieve data without changing anything on the server. - Use **POST** when you need to send data to create or modify resources. ## What GET Does The HTTP GET method requests data from a server at a specific URI. It's designed to retrieve information without modifying server state, making it safe to call repeatedly without side effects. **Example: Retrieving user data with GET** ``` GET /api/users/12345 HTTP/1.1 Host: api.example.com ``` The request body contains the data for the user: ``` HTTP/1.1 200 OK Content-Type: application/json { "id": "12345", "name": "Penny Ostman", "email": "p.ostman@example.com", "role": "Developer" } ``` GET requests can include query parameters in the URL to filter or customize results: ``` GET /api/users?role=developer&limit=10 HTTP/1.1 ``` Since GET requests don't modify data, browsers and proxies can safely cache responses to improve performance. ### When to Use GET - Fetching a list of resources (`GET /products`) - Retrieving a specific resource (`GET /users/123`) - Searching or filtering data (`GET /articles?category=tech`) - Reading data without side effects - Operations that should be bookmarkable or shareable via URL ## What POST Does The HTTP POST method submits data to a server to create a new resource or trigger an action. Unlike GET requests, POST requests include a request body with the sent data and the ability to change the server state. ### Example: Creating a new user with POST ``` POST /api/users HTTP/1.1 Content-Type: application/json { "name": "Penny Ostman", "email": "p.ostman@example.com" } ``` The server responds with details about the newly created resource: ``` HTTP/1.1 201 Created Location: /api/users/12345 Content-Type: application/json { "id": "12345", "name": "Penny Ostman", "email": "p.ostman@example.com" } ``` The `Location` header in the response tells the client where the new resource lives. The POST method is not idempotent, so sending the same POST request twice may create duplicate entries. ### When to Use POST - Creating new resources (`POST /orders`) - Submitting forms or file uploads - Triggering actions (`POST /payments`) - Sending large amounts of data - Any operation that changes server state ## Real-world examples of GET vs POST GET is used for reading data from specific resources or collections, like `/users/123` and `/products`. If you're just viewing information without making changes, use GET. POST is used when you need to send data to the server, whether creating new resources in collections like `/users` and `/orders`, or triggering actions like `/checkout` and `/login`. Here are some common ways that GET and POST are used: ### E-commerce - `GET /products` → Browse product catalog - `GET /products/789` → View specific product details - `POST /orders` → Create a new order - `POST /cart/items` → Add item to shopping cart ### User management - `GET /users` → List all users - `GET /users/123` → Get a user's profile - `POST /users` → Register a new user - `POST /login` → Authenticate a user ### Content management - `GET /articles?category=tech` → Browse articles by category - `GET /articles/456` → Read a specific article - `POST /articles` → Create a new article - `POST /comments` → Submit a comment ### Search and filtering - `GET /search?q=postman` → Search for content - `GET /users?role=admin&status=active` → Filter users - `POST /reports/generate` → Generate a custom report ## How to Choose Between GET and POST GET retrieves data without side effects, while POST submits data and can modify server state. Choosing Between GET and POST | Scenario | Use | Example | |---|---|---| | Viewing a user profile | GET | `GET /users/123` | | Creating a new user | POST | `POST /users` | | Searching products | GET | `GET /products?q=laptop` | | Submitting a payment | POST | `POST /payments` | ## Key differences between GET and POST ### Where the data lives GET requests append data to the URL as query parameters (?name=value&role=admin), while POST requests send data in the request body. This fundamental difference affects everything from security to performance. Because GET data lives in the URL, it appears in browser history, bookmarks, and server logs. This makes GET URLs shareable and bookmarkable, but dangerous for sensitive information. POST data stays hidden in the request body, so you can't bookmark it, but you also won't accidentally leak credentials. ### Size and data types URL length limits restrict GET requests to roughly 2,000-8,000 characters, depending on the browser. POST has no such restriction and can handle megabytes of data. GET can only transmit URL-safe text, while POST can send any data type specified by the Content-Type header, such as JSON, XML, or binary files. ### Security Considerations Never include sensitive data in a GET request. ❌ **Bad practice:** ``` GET /login?username=admin&password=secret123 ``` This exposes credentials in browser history, server logs, proxy logs, and referrer headers. ✅ **Good practice:** ``` POST /login HTTP/1.1 Content-Type: application/json { "username": "admin", "password": "secret123" } ``` Combined with HTTPS, POST keeps credentials encrypted and out of logs. ### Caching behavior GET requests are designed to be cached by browsers and CDNs, improving performance for frequently accessed data. POST requests typically aren't cached because they usually trigger actions or modify resources. ## Testing method behavior in Postman You can see these differences with a simple collection. 1. Create a new collection called **GET vs POST Demo**. 2. Add two requests: - `GET /users/:id` (retrieve) - `POST /users` (create) 3. Set up a [mock server](https://learning.postman.com/docs/design-apis/mock-apis/set-up-mock-servers/ "https://learning.postman.com/docs/design-apis/mock-apis/set-up-mock-servers/") to simulate responses: - Configure `GET /users/:id` to return `200 OK` with user data - Configure `POST /users` to return `201 Created` with a `Location` header 4. Click **Send** and observe the differences: - GET retrieves existing data - POST creates new resources **Optional:** Add test scripts to verify correct status codes, response structure, and headers like `Location` or `Content-Type`. ## Best practices for API design - Use GET for safe, read-only operations that don't modify data. - Use POST when creating resources or performing actions with side effects. - Never send sensitive data, such as passwords or tokens, in GET query parameters. - Keep GET URLs bookmarkable and shareable when possible. - Make GET requests idempotent and cacheable. - Include proper status codes: `200 OK` for GET, `201 Created` for POST. - Use query parameters in GET for filtering, sorting, and pagination. - Document both methods with clear examples in Postman. ## Common mistakes to avoid **Using GET to modify data** Don't use GET for operations that change server state: ❌ `GET /users/123/delete` ❌ `GET /cart/add?productId=789` ✅ `POST /users/123` (with delete action or use DELETE method) ✅ `POST /cart/items` **Sending sensitive data in GET parameters** Never include passwords, tokens, or personal data in GET URLs: ❌ `GET /login?username=user&password=secret123` ✅ `POST /login` (with credentials in request body) **Exceeding URL length limits with GET** If you need to send large amounts of data or complex filters, use POST instead: ❌ `GET /search?filters=...` (with thousands of characters) ✅ `POST /search` (with filter criteria in body) **Forgetting to use HTTPS** Even with POST, always use HTTPS to encrypt data in transit. HTTP exposes request bodies to interception. ## Quick Reference GET vs POST Quick Reference | Question | Answer | |---|---| | When to use GET? | To retrieve data without modifying the server. | | When to use POST? | To create resources or submit data that changes server state. | | Is GET idempotent? | Yes. Multiple identical requests produce the same result. | | Is POST idempotent? | No. Repeating it can create duplicates. | | Can GET modify data? | No. GET should only read data, never modify it. | | Is GET secure for passwords? | No. Never send sensitive data in GET URLs. | | Can GET be cached? | Yes. GET responses are cacheable by default. | | Should I use GET or POST for forms? | Use POST for forms that submit data, GET for search forms. |