Reputation: 1291
JSON vs Form POST
We're having a bit of a discussion on the subject of posting data to a REST endpoint. Since the objects are quite complex, the easiest solution is to simply serialize them as JSON and send this in the request body.
Now the question is this: Is this kosher? Or should the JSON be set as a form parameter like data=[JSON]? Or is sending of JSON in the request body just frowned upon for forcing the clients using the application, to send their data via JavaScript instead of letting the browser package it up as application/x-www-form-urlencoded?
I know all three options work. But which are OK? Or at least recommended?
Upvotes: 52
Views: 37103
Answers (3)
Reputation: 41610
You can use JSON as part of the request data as the OP had stated all three options work.
The OP needs to support JSON input as it had to support contain complex structural content. However, think of it this way... are you making a request to do something or are you just sending what is basically document data and you just happen to use the POST operation as the equivalent of create new entry.
That being the case, what you have is basically a resource endpoint with CRUDL semantics. Following up on that you're actually not limited to application/json but any type that the resource endpoint is supposed to handle.
For non-resource endpoints
I find that (specifically for JAX-RS) the application/x-www-urlencoded one is better.
- Consistency with OAuth 2.0 and OpenID Connect, they use
application/x-www-urlencoded. - Easier to annotate the individual fields using Swagger Annotations
- Swagger provides more defaults.
- Postman generates a nice form for you to fill out and makes things easier to test.
Examples of non-resource endpoints:
- Authentication
- Authorization
- Simple Search (though I would use
GETon this one) - Non-simple search where there are many criteria
- Sending a message/document (though I would also consider
multipart/form-dataso I can pass meta data along with the content, but JAX-RS does not have a standard for this one Jersey and RestEasy have their own implementations)
Upvotes: 7
Reputation: 29985
I'd say that both methods will work well
it's important that you stay consistent across your APIs. The option I would personally choose is simply sending the content as application/json.
POST doesn't force you to use application/x-www-form-urlencoded - it's simply something that's used a lot because it's what webbrowsers use.
Upvotes: 30
Reputation: 17637
There is nothing wrong about sending it directly as serialized JSON, for example google does this by default in it's volley library (which obviously is their recommended REST library for android).
If fact, there are plenty of questions on SO about how not to use JSON, but rather perform "normal" POST requests with volley. Which is a bit counter intuitive for beginners, having to overwrite it's base class' getParams() method.
But google having it's own REST library doing this by default, would be my indicator that it is OK.
Upvotes: 7
Related Questions
- When is JSON-RPC over http with POST more suitable than RESTful API?
- Why would you use FormData over JSON in sending POST requests?
- Normal form submission vs. JSON
- Difference of send POST request with json data or parameter?
- posting JSON vs traditional form encoded data as the data format for submitting a form
- Form content type for a json HTTP POST?
- ajax or jquery post json request
- When should HTTP Form POST be preferred over Ajax?
- MIME versus JSON for HTTP POST body
- Format of REST incoming data: POST fields or JSON?