HTTP Methods

HTTP Methods

HTTP methods tell the server what action to perform on a resource. In a REST API, each method corresponds to a specific type of operation. In this episode you will learn all the HTTP methods, when to use each one, and how they map to database operations.

The Five Main Methods

Method	Purpose	Has Body	Idempotent	Safe
GET	Retrieve data	No	Yes	Yes
POST	Create new data	Yes	No	No
PUT	Replace existing data entirely	Yes	Yes	No
PATCH	Partially update existing data	Yes	Yes	No
DELETE	Remove data	Optional	Yes	No

What Is Idempotent?

An idempotent method produces the same result no matter how many times you call it. Sending the same GET request 10 times returns the same data. Sending the same PUT request 10 times updates the same resource to the same state. But sending the same POST request 10 times creates 10 new records.

What Is Safe?

A safe method does not modify data on the server. GET is safe because it only reads. POST, PUT, PATCH, and DELETE are not safe because they change data.

GET — Read

GET /api/ninjas          → Retrieve all ninjas
GET /api/ninjas/123      → Retrieve ninja with ID 123
GET /api/ninjas?rank=5   → Retrieve ninjas filtered by rank

• Does not have a request body
• Data filters are passed as query parameters (?key=value)
• Response contains the requested data
• Returns 200 OK on success, 404 Not Found if the resource does not exist

POST — Create

POST /api/ninjas
Body: { "name": "Ryu", "rank": 5, "available": true }

Response: 201 Created
{ "id": "abc123", "name": "Ryu", "rank": 5, "available": true }

• Sends data in the request body (usually JSON)
• Creates a new resource on the server
• Returns 201 Created with the new resource (including its generated ID)
• Not idempotent — each POST creates a new record

PUT — Replace

PUT /api/ninjas/abc123
Body: { "name": "Ryu", "rank": 8, "available": false }

Response: 200 OK
{ "id": "abc123", "name": "Ryu", "rank": 8, "available": false }

• Replaces the entire resource with the provided data
• Must include all fields — omitted fields are removed or set to defaults
• Idempotent — sending the same PUT request multiple times has the same effect
• Returns 200 OK with the updated resource

PATCH — Partial Update

PATCH /api/ninjas/abc123
Body: { "rank": 10 }

Response: 200 OK
{ "id": "abc123", "name": "Ryu", "rank": 10, "available": false }

• Updates only the specified fields — everything else stays unchanged
• More efficient than PUT when you only need to change one field

PUT vs PATCH

Aspect	PUT	PATCH
Scope	Replaces the entire resource	Updates only specified fields
Missing fields	Set to null/default	Left unchanged
Body	Must contain all fields	Only the fields to change
Use case	Full resource replacement	Small, targeted changes

DELETE — Remove

DELETE /api/ninjas/abc123

Response: 200 OK
{ "message": "Ninja deleted" }

• Removes the resource from the server
• Idempotent — deleting a resource that is already deleted returns the same result
• Returns 200 OK with a confirmation, or 204 No Content with no body

Mapping to Database Operations

HTTP Method	CRUD	MongoDB Method	SQL Equivalent
GET	Read	find() / findById()	SELECT
POST	Create	save() / create()	INSERT
PUT	Update	findByIdAndUpdate()	UPDATE
DELETE	Delete	findByIdAndDelete()	DELETE

Request Anatomy

POST /api/ninjas HTTP/1.1               ← Method + URL + Protocol
Host: localhost:3000                    ← Headers
Content-Type: application/json          ← Headers
Authorization: Bearer token123          ← Headers
                                        ← Empty line
{"name": "Ryu", "rank": 5}             ← Body (JSON)

Key Takeaways

• GET reads data, POST creates, PUT replaces, PATCH partially updates, DELETE removes
• GET is safe (does not modify data) and idempotent (same result every time)
• POST is not idempotent — each call creates a new resource
• PUT replaces the entire resource; PATCH updates only the specified fields
• Each HTTP method maps directly to a CRUD database operation
• Status codes communicate the result: 200 OK, 201 Created, 404 Not Found, etc.