
Why is it recommended to use the GET method to retrieve data in Rest API?

As everyone knows, the POST method is comparatively more secure and feasible to get data. Most of the designed systems use GET to retrieve since it's idempotent and "theoretically" does not alter data on the server; however, nowadays most of the GET requests also create logs on the server or alter caching. I'm wondering if it is not a good practice to use POST for all API services.

Why is it recommended to use the GET method to retrieve data in Rest API?

The reason that we don't use POST for everything: using a method with more specific semantics allows general purpose components within the HTTP application to do intelligent things.

Specifically for the case of GET

  1. Caching

The goal of HTTP caching is significantly improving performance by reusing a prior response message to satisfy a current request. -- RFC 9111

The response to a GET request is cacheable; a cache MAY use it to satisfy subsequent GET and HEAD requests unless otherwise indicated by the Cache-Control header field -- RFC 9110

This means both that a GET request can be served by a cache (rather than passing the request all the way through to the origin server) and that GET responses can be cached for later reuse.

Because POST is potentially unsafe (i.e., edits resources), the general purpose components always have to pass the request through to the origin server. POST responses can be cached only in some cases; general purpose components can recognize these specific cases via the metadata provided by the origin server.

  2. Unlike POST, the semantics of a GET request are safe.

The purpose of distinguishing between safe and unsafe methods is to allow automated retrieval processes (spiders) and cache performance optimization (pre-fetching) to work without fear of causing harm. In addition, it allows a user agent to apply appropriate constraints on the automated use of unsafe methods when processing potentially untrusted content. -- RFC 9110


Most of the designed systems use GET to retrieve since it's idempotent and "theoretically" does not alter data on the server; however, nowadays most of the GET requests also create logs on the server or alter caching.

Yes, which is why it is important to understand the distinction between safe semantics and safe implementation.

HTTP does not attempt to require the results of a GET to be safe. What it does is require that the semantics of the operation be safe, and therefore it is a fault of the implementation, not the interface or the user of that interface, if anything happens as a result that causes loss of property -- Fielding, 2002
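The caching and safe-method points in the answer above can be seen in a toy intermediary. This is an added example, not code from the original answer; the `Origin` and `Cache` classes and the `/report` and `/token` paths are constructed for illustration, and freshness expiry is deliberately not modelled.

```python
# Added example: toy model of a general-purpose HTTP cache (not a real proxy).
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}   # RFC 9110 section 9.2.1


class Origin:
    """Constructed origin server that counts how many requests reach it."""

    def __init__(self):
        self.hits = 0
        self.report = "v1"

    def handle(self, method, uri, body=None):
        self.hits += 1
        if method == "POST":
            self.report = body                       # unsafe: changes server state
            return 200, {}, "updated"
        # The origin marks the sensitive response as not storable (assumed path).
        cc = "no-store" if uri == "/token" else "max-age=60"
        return 200, {"Cache-Control": cc}, self.report


class Cache:
    """Intermediary that knows only HTTP method semantics, not the application."""

    def __init__(self, origin):
        self.origin = origin
        self.store = {}                              # keyed by URI only (simplification)

    def request(self, method, uri, body=None):
        if method == "GET" and uri in self.store:
            return self.store[uri]                   # reused response, origin not contacted
        response = self.origin.handle(method, uri, body)
        status, headers, _ = response
        if method not in SAFE_METHODS:
            # RFC 9111 section 4.4: a non-error response to an unsafe method
            # invalidates whatever is stored for the target URI.
            if 200 <= status < 400:
                self.store.pop(uri, None)
        elif method == "GET" and "no-store" not in headers.get("Cache-Control", ""):
            self.store[uri] = response
        return response
```

If the read were issued as POST instead, the cache would have to forward every request and would drop its stored copy each time, even though nothing on the origin changed.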

It is because of the uniform interface constraint. The HTTP standard says that GET is for retrieving data and the uniform interface constraint says that you must follow standards. Why is the sky blue?

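Notice: Technical posts on this site are published under the CC BY-SA 4.0 license. If you republish one, please credit this site's URL or the original source address. For any questions, contact: yoyou2525@163.com.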

 