user1884155

Reputation: 3736

Should a logoff request be designed as GET or POST?

I'm implementing some REST services. The first service I have to call according to the SDK is an HTTP POST request to log on. The input is my user's credentials, and the output is my session id.

To log out, I also have to make an HTTP POST request, but without any data/payload in the request body. Instead, a header field that contains the session id must be added to the request.

I'm a bit torn: is this the correct design for a logoff request, or should a GET method be used instead? More generally, should a request with no input (except query parameters and request headers) and no output be a GET, a POST, or something else? Why or why not?

Upvotes: 4

Views: 3116

Answers (1)

ma499

Reputation: 636

According to RFC 2616, GET is a "safe method" that

SHOULD NOT have the significance of taking an action other than retrieval

Log off does not seem like a safe action to me, so GET is not suitable.

It should therefore be a POST. No other HTTP verb seems semantically suitable.

Upvotes: 6
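An added illustration of the design discussed above (not code from the SDK in the question or from either poster): a logout endpoint that reads the session id from a request header, accepts POST only, and answers GET with 405 so that a safe-method request can never end a session. The header name `X-Session-Id`, the `/logout` path and the in-memory session store are assumptions made for the example.

```python
from wsgiref.util import setup_testing_defaults

# Constructed in-memory session store: session id -> user name.
SESSIONS = {"s3ss10n-constructed": "alice"}

SESSION_HEADER = "HTTP_X_SESSION_ID"  # assumed header name "X-Session-Id"


def app(environ, start_response):
    """Minimal WSGI app exposing POST /logout only."""
    if environ.get("PATH_INFO") != "/logout":
        start_response("404 Not Found", [("Content-Length", "0")])
        return [b""]
    if environ["REQUEST_METHOD"] != "POST":
        # GET/HEAD are "safe" methods: prefetchers, crawlers and <img> tags
        # may issue them freely, so they must never end a session.
        start_response("405 Method Not Allowed",
                       [("Allow", "POST"), ("Content-Length", "0")])
        return [b""]
    sid = environ.get(SESSION_HEADER, "")
    if SESSIONS.pop(sid, None) is None:
        # Unknown or already invalidated session id.
        start_response("401 Unauthorized", [("Content-Length", "0")])
        return [b""]
    # No input body, no output body: 204 No Content.
    start_response("204 No Content", [])
    return [b""]


def call(method, path, session_id=None):
    """Drive the app in-process and return (status, headers dict)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["REQUEST_METHOD"] = method
    environ["PATH_INFO"] = path
    if session_id is not None:
        environ[SESSION_HEADER] = session_id
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, dict(headers)

    b"".join(app(environ, start_response))
    return captured["status"], captured["headers"]


if __name__ == "__main__":
    print(call("GET", "/logout", "s3ss10n-constructed"))   # rejected
    print(call("POST", "/logout", "s3ss10n-constructed"))  # session ended
```
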
