API Testing Tutorial Part 5 – Safe Methods in HTTP Methods
In the previous post, we saw an introduction to HTTP methods.
In this post, we will see what safe methods are in HTTP. This is also an important interview question.
All HTTP methods fall into two categories: safe methods and unsafe methods.
We know that all HTTP methods deal with a resource. Some read the state of the resource, and some create or update it.
If an HTTP method does not change or modify the resource information on the server side, that is, it performs a read-only operation, it is called a safe HTTP method. It is called safe because it does not alter resource information and preserves the actual resource state. GET, HEAD and OPTIONS are safe methods. These methods perform read-only operations. POST, PUT etc. are unsafe methods.
Suppose you develop an API that returns the current interest rate on a savings account. This interest rate should be updated only by authorized people. If a normal employee wants to see the interest rate, the employee hits the API, which returns the current interest rate, and should not be able to edit it in any way. That API should use the GET HTTP method.
Safe methods can be cached and pre-fetched without any effect on the resource.
However, a GET method can still change a resource on the server side, because that depends on how developers implement it.
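A check a tester can automate for this, as an added example that is not part of the original post: a constructed in-process server models the interest-rate API, and each request is bracketed by two reads to detect whether it changed the resource. The `/rate` and `/rate/reset` paths, the sample values and the `changes_state` helper are assumptions made for illustration.

```python
import json, threading, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

STATE = {"rate": 3.5}  # constructed sample resource: savings interest rate
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies
CASES = [("GET", "/rate", None), ("HEAD", "/rate", None), ("OPTIONS", "/rate", None),
         ("PUT", "/rate", {"rate": 4.0}), ("GET", "/rate/reset", None)]

class Handler(BaseHTTPRequestHandler):
    def _send(self, body=b""):
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if self.command != "HEAD":  # HEAD returns headers only
            self.wfile.write(body)
    def do_GET(self):
        if self.path == "/rate/reset":  # badly designed: a GET that writes
            STATE["rate"] = 0.0
        self._send(json.dumps(STATE).encode())
    do_HEAD = do_GET
    def do_OPTIONS(self):
        self._send()
    def do_PUT(self):  # the only method meant to modify the rate
        size = int(self.headers.get("Content-Length", 0))
        STATE["rate"] = json.loads(self.rfile.read(size))["rate"]
        self._send(json.dumps(STATE).encode())
    def log_message(self, *args):  # silence per-request logging
        pass

def call(base, method, path, body=None):
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(base + path, data=data, method=method)
    with OPENER.open(req, timeout=5) as resp:
        return resp.read()

def changes_state(base, method, path, body=None):
    """True if the request altered the resource as seen through GET /rate."""
    before = call(base, "GET", "/rate")
    call(base, method, path, body)
    return call(base, "GET", "/rate") != before

def run_checks():
    STATE["rate"] = 3.5  # start every run from the same known state
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:  # maps "METHOD path" -> did the request change the resource?
        return {f"{m} {p}": changes_state(base, m, p, b) for m, p, b in CASES}
    finally:
        server.shutdown()
```

A `True` result for any GET, HEAD or OPTIONS request is the finding to report: the endpoint breaks the safe-method convention, so a cache, crawler or link prefetcher can trigger the change without anyone intending it.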
More about API Testing in upcoming posts. Stay tuned.
4 thoughts on “API Testing Tutorial Part 5 – Safe Methods in HTTP Methods”
Thanks for such a lovely explanation.
My question is if the GET method can change a resource on the server side? How to validate the original response values? Will the changed resource be updated in the DB?
Basically, I want to ask why we update a GET request?
It all depends on how developers create a GET API, for example if it is designed to update something on the server, like the number of hits on the same request.
OK, so for tracking the number of hits, we are going against the definition and defining our own standard! But does the system allow it, as it will be against the definition?
Yeah, because these are conventions, not strict rules, like the naming conventions we have for method or class names.