HTTP Methods

Complete guide to HTTP request methods with comparison tables and examples.

Comparison

MethodHas BodyIdempotentSafeCacheable
GET
POST
PUT
PATCH
DELETE
HEAD
OPTIONS
TRACE
CONNECT
GET

The GET method requests a representation of the specified resource. GET requests should only retrieve data and have no other effect on the resource. Because GET requests do not modify state, they are considered safe and idempotent.

Safe
Idempotent
Cacheable
RFC 9110, Section 9.3.1

Common Use Cases

  • Fetching a user profile or account details
  • Listing collections of resources such as products or posts
  • Retrieving a single resource by its identifier
  • Loading configuration or settings data
  • Querying search results with query parameters
Request
GET /api/users/123 HTTP/1.1
Host: api.example.com
Accept: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
Response
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: max-age=60

{
  "id": 123,
  "name": "Alice Johnson",
  "email": "alice@example.com",
  "role": "admin",
  "createdAt": "2025-08-14T10:30:00Z"
}
POST

The POST method submits an entity to the specified resource, often causing a change in state or side effects on the server. It is commonly used to create new resources or trigger operations. POST is neither safe nor idempotent, meaning repeated identical requests may create duplicate resources.

Has Body
RFC 9110, Section 9.3.3

Common Use Cases

  • Creating a new user account or resource
  • Submitting a form or uploading a file
  • Triggering a server-side process such as sending an email
  • Posting a comment or message
  • Initiating a payment or transaction
Request
POST /api/users HTTP/1.1
Host: api.example.com
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

{
  "name": "Bob Smith",
  "email": "bob@example.com",
  "role": "member"
}
Response
HTTP/1.1 201 Created
Content-Type: application/json
Location: /api/users/456

{
  "id": 456,
  "name": "Bob Smith",
  "email": "bob@example.com",
  "role": "member",
  "createdAt": "2026-03-02T14:22:00Z"
}
PUT

The PUT method replaces all current representations of the target resource with the request payload. If the resource does not exist, PUT may create it. PUT is idempotent, meaning making the same request multiple times produces the same result as making it once.

Idempotent
Has Body
RFC 9110, Section 9.3.4

Common Use Cases

  • Replacing a user profile with updated data
  • Uploading a file to a specific URI
  • Updating the full representation of a configuration object
  • Setting or overwriting a resource at a known URL
Request
PUT /api/users/123 HTTP/1.1
Host: api.example.com
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

{
  "name": "Alice Johnson-Smith",
  "email": "alice.js@example.com",
  "role": "admin"
}
Response
HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": 123,
  "name": "Alice Johnson-Smith",
  "email": "alice.js@example.com",
  "role": "admin",
  "updatedAt": "2026-03-02T15:10:00Z"
}
PATCH

The PATCH method applies partial modifications to a resource. Unlike PUT, which replaces the entire resource, PATCH only updates the fields provided in the request body. PATCH is neither safe nor necessarily idempotent, though it can be implemented in an idempotent fashion.

Has Body
RFC 5789

Common Use Cases

  • Updating a single field like a user's email or display name
  • Toggling a boolean flag such as active or archived status
  • Incrementally modifying a complex resource
  • Applying a JSON Patch or JSON Merge Patch document
Request
PATCH /api/users/123 HTTP/1.1
Host: api.example.com
Content-Type: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

{
  "email": "alice.new@example.com"
}
Response
HTTP/1.1 200 OK
Content-Type: application/json

{
  "id": 123,
  "name": "Alice Johnson",
  "email": "alice.new@example.com",
  "role": "admin",
  "updatedAt": "2026-03-02T15:45:00Z"
}
DELETE

The DELETE method removes the specified resource from the server. After a successful DELETE, subsequent GET requests to the same URI should return 404 Not Found. DELETE is idempotent, meaning deleting an already-deleted resource should not produce an error beyond the initial removal.

Idempotent
RFC 9110, Section 9.3.5

Common Use Cases

  • Deleting a user account or profile
  • Removing an item from a shopping cart
  • Deleting a file or uploaded document
  • Revoking an API key or access token
  • Unsubscribing from a mailing list
Request
DELETE /api/users/123 HTTP/1.1
Host: api.example.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
Response
HTTP/1.1 204 No Content
X-Request-Id: req_abc123
HEAD

The HEAD method is identical to GET except that the server must not return a message body in the response. It is useful for checking if a resource exists, inspecting headers, or testing links without downloading the entire response. HEAD is safe and idempotent.

Safe
Idempotent
Cacheable
RFC 9110, Section 9.3.2
Example
HEAD /api/users/123 HTTP/1.1
Host: api.example.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...
OPTIONS

The OPTIONS method describes the communication options available for the target resource. It is commonly used in CORS preflight requests where the browser checks which HTTP methods and headers are permitted before sending the actual request. OPTIONS is safe and idempotent.

Safe
Idempotent
RFC 9110, Section 9.3.7
Example
OPTIONS /api/users HTTP/1.1
Host: api.example.com
Origin: https://app.example.com
Access-Control-Request-Method: POST
Access-Control-Request-Headers: Content-Type, Authorization
TRACE

The TRACE method performs a message loop-back test along the path to the target resource, echoing back the received request. It is primarily used for diagnostic purposes to see how intermediate proxies modify the request. TRACE is rarely used in production APIs and is often disabled for security reasons.

Safe
Idempotent
RFC 9110, Section 9.3.8
Example
TRACE /api/users HTTP/1.1
Host: api.example.com
Max-Forwards: 3
CONNECT

The CONNECT method establishes a tunnel to the server identified by the target resource. It is primarily used with HTTP proxies to initiate an end-to-end TLS/SSL connection through the proxy, enabling HTTPS traffic to pass through an HTTP proxy. CONNECT is neither safe nor cacheable.

RFC 9110, Section 9.3.6
Example
CONNECT api.example.com:443 HTTP/1.1
Host: api.example.com:443
Proxy-Authorization: Basic dXNlcjpwYXNz

Related Guides

61 status codes

HTTP Status Codes

Complete reference of all HTTP status codes with descriptions and examples.

Browse
36 headers

HTTP Headers

Common HTTP headers explained with syntax, examples, and common values.

Browse
70 MIME types

MIME Types

Complete reference of common MIME types with file extensions, categories, and usage examples.

Browse
10 headers

CORS Explained

Complete guide to Cross-Origin Resource Sharing — how it works, every header explained, and common errors with fixes.

Browse

Try it in RequestDock

Send real HTTP requests and inspect responses — right in your browser.

Open RequestDock