Reputation: 1442
How many different ways are there to pass parameters with an HTTP GET?
Normally if I use HTTPClient and issue GetAsync(URI) or similar, if I wanted to pass some parameters like "int id, string name, string division" I would need to append them to the uri: "http://localhost/webapplication/api/controller/action/id"
Are their any alternatives to this standard method of passing parameters, so that the information isn't right in the uri?
Something like HTTPClient.MessageParameters = myOBject which is put inside the message body, and then I can then unpack on the other side?
If there are not alternatives, is using a POST an acceptable way to hide the parameters?
Thanks
Upvotes: 0
Views: 2344
Answers (3)
Reputation: 57
I would go with a POST.
Any parameters passed with a GET can be captured and logged by a proxy or will be cached in server logs.
HttpWebRequest httpWReq =
(HttpWebRequest)WebRequest.Create("http://domain.com/page.aspx");
ASCIIEncoding encoding = new ASCIIEncoding();
string postData = "username=user";
postData += "&password=pass";
byte[] data = encoding.GetBytes(postData);
httpWReq.Method = "POST";
httpWReq.ContentType = "application/x-www-form-urlencoded";
httpWReq.ContentLength = data.Length;
using (Stream stream = httpWReq.GetRequestStream())
{
stream.Write(data,0,data.Length);
}
HttpWebResponse response = (HttpWebResponse)httpWReq.GetResponse();
string responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();
See for code: HTTP REQUEST WITH POST
See for reasoning: HTTP GET AND POST PARAMETERS RECOMMENDATIONS
Upvotes: 2
Reputation: 1639
Using POST is the accepted way to hide these parameters, and if executing the request has side effects, they should definitely be submitted in a POST request. GET requests may be cached by a proxy or somewhere else along the way, which could cause a problem for you. I think you could theoretically try to change the request headers, but there's no guarantee that the server won't drop them if they're non-standard, so you shouldn't look into that option.
EDIT: See this question for more about X-headers (non-standard HTTP headers) and whether you can safely use them. It appears they're deprecated now.
Upvotes: 3
Reputation: 17258
you have at least 2 options:
- add custom http headers containing your data.
eg.
X-Var-Count: 3
X-Var-Name-1: id
X-Var-Value-1: <value_of_id>
X-Var-Name-2: name
X-Var-Value-2: <value_of_name>
X-Var-Name-3: division
X-Var-Value-3: <value_of_division>
obviously this requires additional server-side processing.
- switch to a POST request
Upvotes: 2
Related Questions
- How should I pass multiple parameters to an ASP.Net Web API GET?
- Call get method in web api with multiple parameters from c#
- passing variable number of multiple parameters in a HTTP Get request in C#
- How to get all the parameters names of a Get Request (from query string)?
- how to pass parameters to asp.net web api get method?
- WebAPI - multiple GET methods with no parameters
- Passing complex parameters into a GET request
- Get Request and APIs with/without parameter
- How to pass/receive multiple args to a RESTful Web API GET method?
- ASP.NET Web API - GET request with multiple arguments