Is it considered bad practice to perform HTTP POST without entity body?

Question

I need to invoke a process which doesn't require any input from the user, just a trigger. I plan to use POST /uri without a body to trigger the process. I want to know if this is considered bad from both HTTP and REST perspectives?

Answer 1

Does it need a body? Then no. I know you were asking if there's some rule in REST, but others have answered that, so generally speaking: What is and isn't ok often depends on scenario and context. Even sometimes not following design patterns, or slightly altering them, can be "ok" if it makes perfect sense and is clean etc.

Maybe the API endpoint is just actioning something, and there is no data to consume or IDs to need knowledge of.

For example, an endpoint api/delete-previous-week-logs that deletes all the logs on the API from last week. You wouldn't expect the Client to send the list of logs to delete because it'd first need to request GET them from the very API you are going to POST to in order to delete them.

If API has this source of knowledge, or if there's no body or IDs needed to perform the endpoint's action, then that's that, no body.

Answer 2

Support for the answers that POST is OK in this case is that in Python's case, the OpenAPI framework "FastAPI" generates a Swagger GUI (see image) that doesn't contain a Body section when a method (see example below) doesn't have a parameter to accept a body.

the method "post_disable_db" just accepts a path parameter "db_name" and doesn't have a 2nd parameter which would imply a mandatory body.

@router.post('/{db_name}/disable',
             status_code=HTTP_200_OK,
             response_model=ResponseSuccess,
             summary='',
             description=''
             )
async def post_disable_db(db_name: str):
    try:
        response: ResponseSuccess = Handlers.databases_handler.post_change_db_enabled_state(db_name, False)
    except HTTPException as e:
        raise (e)
    except Exception as e:
        logger.exception(f'Changing state of DB to enabled=False failed due to: {e.__repr__()}')
        raise HTTPException(HTTP_500_INTERNAL_SERVER_ERROR, detail=e.__repr__())

    return response

Answer 3

If you use POST /uri without a body it is something like using a function which does not take an argument .e.g int post (void); so it is reasonable to have function to your resource class which can change the state of an object without having an argument. If you consider to implement the Unix touch function for a URI, is not it be good choice?

Answer 4

Yes, it's OK to send a POST request without a body and instead use query string parameters. But be careful if your parameters contain characters that are not HTTP valid you will have to encode them.

For example if you need to POST 'hello world' to and end point you would have to make it look like this: http://api.com?param=hello%20world

Answer 5

I asked this question on the IETF HTTP working group a few months ago. The short answer is: NO, it's not a bad practice (but I suggest reading the thread for more details).

Answer 6

POST is completely OK. In difference of GET with POST you are changing the state of the system (most likely your trigger is "doing" something and changing data).

I used POST already without payload and it "feels" OK. One thing you should do when using POST without payload: Pass header Content-Length: 0. I remember problems with some proxies when I api-client didn't pass it.

Answer 7

Using a POST instead of a GET is perfectly reasonable, since it also instructs the server (and gateways along the way) not to return a cached response.