Web API HTTP Basics
This article is written for my upcoming series; Creating a Url Shortener Service From Scratch with .Net Core. I have tried to cover the aspects that will be necessary for developing Web API applications, still a good read if you want to learn basic information about HTTP protocol or need a quick refresher.
HTTP Basics
HTTP is an acronym for HyperText Transfer Protocol. It is a stateless protocol that defines a set of rules between a client and server, enabling to share information between. We will be covering absolute minimum necessary about HTTP protocol but I advise you to dig deeper as this is the underlying protocol that most of the modern day applications uses to communicate between.
HTTP Is Stateless
What is HTTP being stateless means there is no link between two requests carried out even in the same connection. This may be problematic when a user is interacting with a page continuously and needs to retain information from the previous interactions. HTTP cookies are used for managing sessions between each request by usually extending header for users to share same context between requests one after another.
HTTP URLs
Url stands for Uniform Resource Locator, which everyone is familiar with even remotely. Url can be composed of following parts:
http://www.google.com/search/text/q?=test#section3
http → Protocol part defines the protocol used for transferring the data, it can be http, https, ftp, mailto, file.
www.google.com → Domain part is the where resource reached through domain name system (DNS) or directly the ip of server containing resources.
search/text→ Path refers to page or location on the server.
q → Query part, the “q” is the variable containing string data “test”.
#section3 → Fragment is the internal page reference or anchor, which refers to a specific part of the page.
HTTP Methods
HTTP has eight methods that defines the type of request made to server. These methods are also called ‘Verbs’.
The Common Methods are:
- Get: For retrieving an existing source on server.
- Post: To create a new resource on server. Post requests often carry payload for the new resource to be created.
- Put: This type is used for updating an existing resource on server. Payload may carry the updated information.
- Patch: Also updates existing resource on server. The difference between Put and Path is, Put used for replacing the resource where Patch used to modify the resource.
- Delete: Removes an exiting resource.
Less Used Methods are:
- Connect: Creates a tunnel connection to server. Can be used for checking connections without additional payload.
- Head: Retrieves data from server just like Get method but does not have a message body. Generally used for checking if a resource exists and/or changed.
- Options: Used for checking which HTTP methods server is supporting.
- Trace: Each proxy or gateway machine handling and forwarding request injects their IP or DNS name to header. Generally used for diagnostic purposes.
HTTP Status Codes
1xx Informational Messages: These messages available for the clients supporting HTTP 1.1. These messages are purely provisional.
Ex: 100 — Continue; meaning everything is good so far, please continue to send requests.
2xx Success Messages: Messages indicating success of action.
Ex: 200 — OK; The meaning of success depends on the type of request. Get requests, 200 means resource is transmitted to message body, Head requests, 200 means the entity headers are in message body, etc.
3xx Redirection Messages: This series the requires client to take further action to access resource requested.
Ex: 301 — Moved Permanently; The requested resource has been moved to another url .
4xx Client Error Messages: These messages implies request contains error and can not be fulfilled for various reasons.
Ex: 404 — Not Found; One of the most well-known HTTP response code, meaning the requested resource can not be found.
5xx Server Error Messages: Server error messages show that there is an error on server side and server is not capable of carrying on the request made.
Ex:500 — Internal Server Error: There is an unexpected condition occurs at the server side.
HTTP Headers
HTTP headers are simple key, value pairs seperated by “:” character to pass additional information between client and server about request, response, CORS, or object passed in the body.
There are four types of headers
1 — General: applies to both requests and responses
2 — Client Request: applies to only requests messages, contains information about client requesting the resource or information about the resource to be fetched.
3 — Server Response: only response messages contains response headers, has additional information about the resource’s location or server containing.
4 — Entity-header: contains meta information about entity-body.
HTTP CORS
CORS is short for Cross-Origin Resource Sharing. For security reasons, browsers does not allow if a resource is called from another domain other than the current one, this is called Same-Origin Policy. CORS headers are added to overcome this limitation.
Example:
We have our frontend application running at www.abc.com and we have backend API is serving from www.api-get-data.com, if we do not add CORS right headers to our requests, these requests will be blocked by server within single-origin policy.
Please check the following article for more information about CORS: Code Academy, What is CORS?
Further Reading
Knowing HTTP protocol is really important as a developer since it is one of the most used protocol by modern day applications. Please try to read on and understand and about HTTP protocol whenever you have spare time.
You do not need to read the specification itself unless you are really really interested. Here is the HTTP 1.1 specification itself: