1

I am trying to following best practices when creating a REST endpoint for my resource Dashboard. So I am planning to create POST for creation, PUT for update and GET for fetching the Dashboard in my spring mvc controller.

However, I have a validate API endpoint as well, that does not save nor update anything in the database, so I was planning to use the GET HTTP method for the validate endpoint. But there are a lot of parameters I need to pass to this endpoint, so I'd prefer if this would be a @RequestBody and not just usual request parameters, because GET has a limit that I can exceed.

Should I use POST instead of GET even though I am not planning to make any database changes?

@PostMapping("/dashboards/{id}/validate")
public ResponseEntity<VisualMetadata> validateVisualMetadata(@PathVariable String id,
                                                             @Valid @RequestBody DashboardDto requestDto) {
}

UPD: DashboardDto does not just have primitives such as String/long/integer, but also has nested complex data types such as Axis and Metric

class DashboardDto {
   String id;
   Axis axis;
   List<Metric> metrics;
}
Sergei Ledvanov
  • 1,841
  • 4
  • 25
  • 47
  • Take a peak at this: https://stackoverflow.com/questions/978061/http-get-with-request-body I would just use a `POST` and not get into the hand-wringing on whether something is truly restful or not. Do what you think makes most sense and has the least surprise for someone maintaining the code later. – Glenn Dec 25 '18 at 14:03
  • I'd recommend using `POST` for this. I am using `GET` only for requesting data, e.g. by an identifier like an ID. – elp Dec 25 '18 at 14:29

1 Answers1

3

Should I use POST instead of GET even though I am not planning to make any database changes?

Probably. Sometimes, in the HTTP method registry, you can find a less common standardized method that fits your use case. Given that there are no intended changes to resource state, you would be looking for a safe method.

I don't believe that there's a good fit for your use case.

But sending a GET request with a message body is (generally) a Bad Idea:

A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some existing implementations to reject the request. -- RFC 7231

Part of the point of rest is that multiple organizations can use standardized off the shelf solutions, and everything "just works". If you don't need that promise (your organization controls the client, server, and the components in between), you might be able to get away with it. At least for a time.

There is nothing inappropriate about using POST for safe requests. The intermediate components won't necessarily know that the request is safe, so it's not ideal (for instance, intermediate components won't know that it is safe to resend a request when the response is lost).

VoiceOfUnreason
  • 40,245
  • 4
  • 34
  • 73