
Restful API authentication GET or POST? And how to get them in Node.js Express?

Joseph Callaars
Nov 17, 2015
<p>APIs are so common nowadays that a lot of questions revolve around authentication. And rightfully so, as you don't want anyone else to access your data!</p>
<p>One of these questions is about what method to use when requesting data from the server. The answer might be simpler than initially thought, as it's basically all in the name.</p>
<h2>What's a GET request?</h2>
<p>If you <em>want</em> something from the server, for example a list of items, then you would most likely need to do a GET.</p>
<p>But I hear you ask: <em>"What if I need to filter on a list of users?"</em></p>
<p>Wanting something from the server doesn't mean you are unable to tell the server exactly what you need. For example, if you go to <strong>http://someserver.com/index?page=12</strong> in the browser, you are requesting the <strong>index</strong> page with a GET, and passing <strong>page=12</strong> as a parameter in the URL.</p>
<h2>What's a POST request?</h2>
<p>But if you want to <em>give something</em> back to the server (for example the username and password), you are better off doing a POST.</p>
<p>A POST is in essence the same as a GET; however, the data is not part of the URL but part of the <em>body</em> of the request. The idea behind this is that you can add more data that you want to send to the server. Another difference is the behavior in browsers:</p>
<p>GET parameters are part of the URL and POST data is part of the body, and only the URL is saved in the browser history. This means users can retrace their steps through a website by looking at a URL (if you're somewhat sure what you are looking at), but they would never know what has been posted.</p>
<h2>An example</h2>
<p>So with all that theory behind us, let's see how we use them in a server-side Node.js application.</p>
<p>For a POST and a GET, we would do the following:</p>
<pre><code>// Initialize our app
var express = require('express');
var bodyParser = require('body-parser');
var app = express();

// Makes sure we can handle POST requests in JSON
app.use(bodyParser.json());
// Makes sure we can handle POST requests in url encoded form
app.use(bodyParser.urlencoded({extended: true}));

// Handle a POST request
app.post('/somepath', function handlePost(req, res) {
  // If we want to get the POST variables, we read them from the body.
  var username = req.body.username;
  var password = req.body.password;
  // Answer the request without echoing the password back.
  res.json({username: username, passwordReceived: Boolean(password)});
});

// Handle a GET request
app.get('/somepath', function handleGet(req, res) {
  // If we want to get the GET variables, we read them from the query string.
  var page = req.query.page;
  var limit = req.query.limit;
  res.json({page: page, limit: limit});
});

// Start listening (port 3000 is an arbitrary choice)
app.listen(3000);</code></pre>
<p>And this works perfectly.</p>
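<p>Because GET parameters live in the URL, a server can enforce the rule above instead of relying on clients to follow it. The following is an added example, not code from the original tutorial: an Express-style middleware that refuses requests carrying <code>username</code> or <code>password</code> in the query string, and a helper that redacts those values before a URL is written to a log. The names <code>SENSITIVE_KEYS</code>, <code>redactUrl</code>, <code>rejectCredentialsInQuery</code> and <code>simulate</code> are hypothetical, and <code>simulate</code> uses a constructed mock request so the block runs without Express installed.</p>

```javascript
// Added example: plain functions with the Express middleware signature.
// "username" and "password" are the field names from the article's POST handler.
const SENSITIVE_KEYS = new Set(['username', 'password']);

// Rewrite a request URL for logging so credential values never reach log files.
function redactUrl(originalUrl) {
  // The base is only needed to parse a relative URL; it is never contacted.
  const url = new URL(originalUrl, 'http://placeholder.invalid');
  for (const key of [...url.searchParams.keys()]) {
    if (SENSITIVE_KEYS.has(key.toLowerCase())) {
      url.searchParams.set(key, 'REDACTED');
    }
  }
  return url.pathname + url.search;
}

// Middleware: credentials must arrive in the POST body, never in the URL.
function rejectCredentialsInQuery(req, res, next) {
  const leaked = Object.keys(req.query || {})
    .filter((key) => SENSITIVE_KEYS.has(key.toLowerCase()));
  if (leaked.length > 0) {
    // Log only the redacted form of the URL, then refuse the request.
    console.warn('credentials in query string:', redactUrl(req.originalUrl));
    return res.status(400).json({
      error: 'Send ' + leaked.join(', ') + ' in the POST body, not the URL',
    });
  }
  next();
}

// Constructed mock of the parts of req/res the middleware touches.
function simulate(method, originalUrl) {
  const url = new URL(originalUrl, 'http://placeholder.invalid');
  const req = { method, originalUrl, query: Object.fromEntries(url.searchParams) };
  const result = { statusCode: 200, body: null, passed: false };
  const res = {
    status(code) { result.statusCode = code; return this; },
    json(payload) { result.body = payload; return this; },
  };
  rejectCredentialsInQuery(req, res, () => { result.passed = true; });
  return result;
}

// Constructed sample requests against the article's /somepath route.
console.log(simulate('GET', '/somepath?page=12&limit=10'));
console.log(simulate('GET', '/somepath?username=bob&password=hunter2'));
```

<p>In an Express app this would be registered with <code>app.use(rejectCredentialsInQuery)</code> before the route handlers.</p>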