Panel Discussion: API Security in DevSecOps. Watch the Recording

Panel Discussion: API Security in DevSecOps. Watch the Recording

Panel Discussion: API Security in DevSecOps. Watch the Recording

/

/

PUT vs POST

PUT vs POST

PUT vs POST
PUT vs POST
PUT vs POST
Author Image

Luke Stephens

Luke Stephens

Luke Stephens

PUT vs POST

PUT and POST are two HTTP methods often used in API and web form communication. They have distinct roles. The key differences between PUT and POST HTTP methods are as follows:

Idempotency

  • PUT is idempotent, meaning that making the same request will always produce the same result.

  • In contrast, POST is not idempotent, so repeated requests may yield different outcomes.

Primary Use

  • PUT is typically used to update existing resources, or to create new resources at a specified, known URL.

  • On the other hand, POST is mainly used to create new resources, with the server providing the new URL.

Data Location

  • Both PUT and POST send data in the request body.

Effect on Resources

  • PUT should not create a new resource if one already exists at the given URI.

  • Conversely, POST can create multiple resources or trigger a variety of other operations.

URL in Request

  • In a PUT request, the URL specifies the resource to be updated or created.

  • For POST requests, the URL indicates where to send the data for processing.

Example of Http PUT vs POST:

A real-world analogy for PUT vs POST is the difference between placing a letter in a specific mailbox (PUT) versus dropping it into a post box (POST).

For PUT, imagine you have a letter to send to a specific person at a known address. You go directly to their mailbox (the URI) and place the letter inside. If a letter from you is already in the mailbox, it gets replaced with the new one. This is similar to how PUT works: you are placing data at a known URI, and if data already exists there, it gets replaced with the new data.

For POST, imagine you have a letter but no specific mailbox to place it in. Instead, you drop it into a post box. The postal service (the server) then decides where the letter needs to go based on the information you've provided. If you drop multiple letters into the post box, multiple deliveries will be made. Similarly, with POST, you send data to a server that determines where the data should be stored, and multiple POST requests can result in multiple new resources.

Put vs Post example

PUT to update a resource:

PUT /api/users/12345 HTTP/1.1
Host: www.example.com
Content-Type: application/json

{
  "name": "Jane Doe",
  "email": "jane.doe@example.com"
}

POST to create a resource:

POST /api/users HTTP/1.1
Host: www.example.com
Content-Type: application/json

{
  "name": "John Smith",
  "email": "john.smith@example.com"
}

How to Choose between PUT and POST

Use PUT when:

  • The client is responsible for determining the URI of the new or updated resource.

  • You are replacing an entire resource or creating a resource with a client-defined identifier.

  • The operation needs to be idempotent, ensuring that repeated requests will have the same effect as a single request.

Use POST when:

  • The server is responsible for assigning a new unique identifier for the created resource.

  • The operation does not have to be idempotent, or it involves creating new resources.

  • The action performed is complex or does not fit neatly into the CRUD model.

PUT is ideal when the client knows the exact location of the resource and wants to update it or create a new resource at that location. POST is better suited for when the client is submitting data to be processed by the server, and the server will determine where the new resource will be located (specifying the new URL in its response).

On this page

Title

Protect your APIs from attacks now

Protect your APIs from attacks now

Protect your APIs from attacks now

Explore more from Akto

Blog

Be updated about everything related to API Security, new API vulnerabilities, industry news and product updates.

Events

Browse and register for upcoming sessions or catch up on what you missed with exclusive recordings

CVE Database

Find out everything about latest API CVE in popular products

Test Library

Discover and find tests from Akto's 100+ API Security test library. Choose your template or add a new template to start your API Security testing.

Documentation

Check out Akto's product documentation for all information related to features and how to use them.