GET

HTTP GET

SafeYes
IdempotentYes
CacheableYes
Request bodyNo
Response bodyYes

Overview

GET is the most fundamental HTTP method, used to retrieve a resource from the server. It only reads data without changing server state, so it is safe, and repeating the same request yields the same result, so it is idempotent.

Details

A GET request should not carry a body. Parameters go in the URL query string (`?q=value`) or path. Never put sensitive data in a GET query, because it ends up in browser history, server logs, and the Referer header.

GET responses are cacheable. Sending `Cache-Control`, `ETag`, or `Last-Modified` lets browsers, CDNs, and proxies store the response and answer future requests with 304 Not Modified to save bandwidth. Large resources can be fetched partially with the `Range` header, returning 206 Partial Content.

Request / Response example

Request
GET /api/users/42 HTTP/1.1
Host: api.example.com
Accept: application/json
Response
HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: max-age=60

{ "id": 42, "name": "Ada" }

In code

curl https://api.example.com/api/users/42
const res = await fetch('/api/users/42');
if (res.ok) {
  const user = await res.json();
}
@app.get('/api/users/<int:uid>')
def get_user(uid):
    user = db.find(uid)
    return jsonify(user) if user else ('', 404)

Common mistakes

Typical status codes

Related methods

Related headers