What Are HTTP Methods?
HTTP methods (also called verbs) indicate the desired action to perform on a resource. When a client sends a request, the method tells the server what the client wants to do.
The most common methods are GET and POST, but HTTP defines several others for more specific operations. Understanding when to use each method is crucial for building proper web applications and APIs.
Common HTTP Methods
GET
Retrieves a resource. This is the most common method—every time you type a URL or click a link, your browser sends a GET request.
- Should only retrieve data, never modify it
- Can be bookmarked and cached
- Parameters appear in the URL query string
- Has length limitations (URL length)
POST
Submits data to be processed. Used for form submissions, file uploads, and creating new resources.
- Data is sent in the request body
- Cannot be bookmarked (body isn't part of URL)
- Not cached by default
- No practical size limit on data
PUT
Replaces the entire resource at the specified URL. If the resource doesn't exist, it may create it.
- Requires the complete resource representation
- Calling it multiple times has the same effect (idempotent)
- Used for full updates, not partial modifications
PATCH
Applies partial modifications to a resource. Unlike PUT, you only send the fields you want to change.
- More efficient than PUT for small updates
- Only sends changed fields
- Not all servers support PATCH
DELETE
Removes the specified resource.
- Should remove the resource at the URL
- Typically returns 200 (OK) or 204 (No Content)
- Calling it multiple times is safe (idempotent)
HEAD
Identical to GET but returns only headers, no body. Useful for checking if a resource exists or getting metadata.
- Check if a resource exists without downloading it
- Get file size (Content-Length) before downloading
- Check last modification date
OPTIONS
Describes the communication options for the target resource. Often used for CORS preflight requests.
- Returns allowed methods in Allow header
- Used by browsers before cross-origin requests
- Helps discover API capabilities
Safe Methods
A method is safe if it doesn't modify resources on the server. Safe methods are read-only operations.
| Method | Safe? | Reason |
|---|---|---|
| GET | Yes | Only retrieves data |
| HEAD | Yes | Only retrieves headers |
| OPTIONS | Yes | Only describes options |
| POST | No | Creates/processes data |
| PUT | No | Replaces resources |
| PATCH | No | Modifies resources |
| DELETE | No | Removes resources |
Idempotent Methods
A method is idempotent if making the same request multiple times has the same effect as making it once. This is crucial for reliability—if a request fails and you retry it, you need to know if it's safe to do so.
| Method | Idempotent? | Explanation |
|---|---|---|
| GET | Yes | Reading multiple times gives same result |
| HEAD | Yes | Same as GET, just headers |
| OPTIONS | Yes | Options don't change between calls |
| PUT | Yes | Replacing with same data = same result |
| DELETE | Yes | Deleting twice = still deleted |
| POST | No | Each call may create new resource |
| PATCH | No* | Depends on the patch operation |
Idempotency Example
Consider updating a user's email address:
Sending this once or five times results in the same state: user 42 has email "new@example.com". That's idempotent.
Compare to creating a new user:
Sending this three times might create three users named Alice. That's NOT idempotent.
Method Summary Table
| Method | Purpose | Body | Safe | Idempotent | Cacheable |
|---|---|---|---|---|---|
| GET | Retrieve resource | No | Yes | Yes | Yes |
| POST | Submit data | Yes | No | No | Rarely |
| PUT | Replace resource | Yes | No | Yes | No |
| PATCH | Partial update | Yes | No | No* | No |
| DELETE | Remove resource | Optional | No | Yes | No |
| HEAD | Get headers only | No | Yes | Yes | Yes |
| OPTIONS | Get options | Optional | Yes | Yes | No |
Interactive Examples
The following examples demonstrate different HTTP methods in action.
GET Request
Retrieving a list of users from an API:
POST Request
Creating a new user:
PUT Request
Replacing a user's data entirely:
PATCH Request
Updating only the user's email:
DELETE Request
Removing a user:
HEAD Request
Checking a resource without downloading the body: