Many people may have heard of HTTP, even worked with it, without having a fundamental understanding of what it is and how it works.
HTTP is a client-server protocol that facilitates the transfer of resources between clients and server over networks. The communication is initiated by the client (typically a browser, but can be any HTTP client) makes a request to the server, to which the server sends a response.
To experiment with some of the topics covered in this post I recommend checking out https://httpbin.org/, it is a simple HTTP request/response service that is great for learning and testing out code that needs to interact with HTTP endpoints.
An HTTP request in their most basic form consist of an HTTP method, the HTTP version, the path to the requested resource, and optionally request headers. For some types of requests (E.g. POST), the request will also have a body component.
Methods tell the server what action should be performed with the request. Available HTTP methods are
Get requests simply request a resource from a server, this is a read-only method.
Head is almost identical to the GET request, however, the requested resource is omitted from the response and only the headers are returned. This is great in instances where only some information about the resources that would be in the response headers (E.g. last-modified) is required and it would be inefficient to download the entire resource just for some information that would be in the response header.
Post requests can pass some data to the server in a request body, often this is something like a JSON document or some form data. Sending data via a POST request is advantageous in several ways, the most important factor being that the request body can be encrypted via HTTPS.
A PUT request, similar to a POST request in the sense that it can carry a request payload to the server, replaces the requested resource with the data in the message payload.
As the name implies, a DELETE request will delete the resource specified in the request.
Connect requests establish a two-way tunnel between a client and a server, typically this is utilised for establishing an SSL connection between two endpoints.
The OPTIONS method requests from the server the allowed HTTP methods for the requested resource. The server will respond with an OPTIONS header defining the allowed methods.
Typically only used for diagnostic reasons, a TRACE request will be responded to by echoing the exact request back to the client.
Similar to a PUT request in the sense that it can update the specified resource on the server, however, a PATCH request allows for partial updating of a resource as compared to a PUT which only allows for the resource to be created or fully replaced.
HTTP headers provide the ability for a client and server to transmit additional data within their request or response. The header data contained are essentially key/value pairs.
There are four different types of headers, each of which defines a different context of data that they contain.
Headers that can be used in both requests and responses fall into this category.
As implied by the name request headers encompass header data used in the context of an HTTP request.
Like request headers, the name rightly implies that they encompass header data relating an HTTP response but not strictly relating to the content of the response.
These are used for header data strictly relating to the body of a request or response. Information like the Content-Length and Encoding fall into the entity-header context.
For a full authoritative list of all the standardised http headers see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers.
HTTP responses typically consist of a status code, status message, headers, and an optional body component dependant on the request method.
The status code and message communicate to the client the result of the requested operation (more on status codes below), and the body will contain the requested resource where applicable.
HTTP status codes are how a server signals to a server the status of the request that was made. Valid HTTP response codes fall into five categories in numbers ranging from 100-599.
See https://developer.mozilla.org/en-US/docs/Web/HTTP/Status for a full list and detailed explanation of each of the defined HTTP status codes.
Below is a generalised overview of each type of status code.
Everything is OK, the response should contain the requested resource.
What you are requesting has moved or changed, the response should contain the resource or path to the where the resource is now located.
Client Errors (4xx)
Your request was bad, typically no resource in the response. The client will need to appropriately handle a 4xx response
Server Errors (5xx)
The server screwed up, typically some error condition on the server-side application.