1. What is HTTP/HTTPS?
HTTP (HyperText Transfer Protocol)
- A communication protocol used by web browsers and servers.
- It defines how data travels on the internet.
HTTPS (HTTP Secure)
- Secure version of HTTP.
- Uses SSL/TLS encryption to protect data.
- Keeps information safe, especially during logins, online payments, banking, etc.
Purpose of both:
To send and receive data between client (browser/app) and server.
2. Why Are HTTP/HTTPS Methods Important?
HTTP methods define how data is exchanged between client and server.
They allow CRUD operations:
- C – Create (POST)
- R – Read (GET)
- U – Update (PUT)
- D – Delete (DELETE)
These methods form the foundation of APIs and web communication.
3. Overview of HTTP Methods
| Method | Purpose | Common Use Cases |
|---|---|---|
| GET | Retrieve (read) data | Fetch web pages, search data, load profiles |
| POST | Send/create new data | Submit forms, register users, upload files |
| PUT | Update/replace data | Update records, modify user details |
| DELETE | Remove data | Delete accounts, remove items |
4. Detailed Explanation of Each Method
a) GET Method
Purpose: Retrieve data from the server.
Characteristics:
- Data is sent in the URL as query parameters.
Example:https://example.com/products?category=books - Idempotent: Sending it multiple times gives the same result.
- No request body.
- Fast and commonly used for reading data.
Example Request:
GET /products?category=books HTTP/1.1
Host: www.example.com
Use Cases:
Viewing products, searching data, fetching user details, reading blog posts.
b) POST Method
Purpose: Create new data on the server.
Characteristics:
- Data is sent in the body of the request.
- Not idempotent: Sending it multiple times may create duplicates.
- Often used with forms and APIs.
Example Request:
POST /register HTTP/1.1
Host: www.example.com
Content-Type: application/json
{
"username": "user123",
"password": "pass123"
}
Use Cases:
User registration, login, file uploads, submitting forms.
c) PUT Method
Purpose: Update or completely replace existing data.
Characteristics:
- Data is sent in the body of the request.
- Idempotent: Sending the same request again gives the same result.
- Often replaces the entire record.
Example Request:
PUT /profile/123 HTTP/1.1
Host: www.example.com
Content-Type: application/json
{
"name": "John Doe",
"email": "john.doe@example.com"
}
Use Cases:
Update user profile, modify product details, replace configurations.
d) DELETE Method
Purpose: Remove a resource from the server.
Characteristics:
- Usually does not include a body.
- Idempotent: Deleting the same resource again has the same result (resource no longer exists).
Example Request:
DELETE /products/123 HTTP/1.1
Host: www.example.com
Use Cases:
Delete items, close user accounts, remove records.
5. Comparison Table
| Feature | GET | POST | PUT | DELETE |
|---|---|---|---|---|
| Purpose | Read data | Create data | Update/replace | Remove data |
| Idempotent? | Yes | No | Yes | Yes |
| Request Body | No | Yes | Yes | No |
| Common Use | View | Create | Update | Delete |
6. Important HTTP Response Codes (Easy to Remember)
Success Codes
| Code | Meaning |
|---|---|
| 200 – OK | Request successful, data returned |
| 201 – Created | New resource created |
| 202 – Accepted | Request received but processing later |
| 204 – No Content | Successful but no data returned |
Redirection Codes
| Code | Meaning |
|---|---|
| 301 – Moved Permanently | Resource moved permanently to a new URL |
| 302 – Found | Temporary redirect |
| 304 – Not Modified | No change since last request |
Client Error Codes
| Code | Meaning |
|---|---|
| 400 – Bad Request | Invalid request |
| 401 – Unauthorized | Authentication needed |
| 403 – Forbidden | Access denied |
| 404 – Not Found | Resource not found |
Server Error Codes
| Code | Meaning |
|---|---|
| 500 – Internal Server Error | Server failure |
| 501 – Not Implemented | Server doesn’t support the method |
| 502 – Bad Gateway | Invalid response from another server |
| 503 – Service Unavailable | Server overloaded or under maintenance |
7. Quick Revision
- GET → Read data
- No body
- Data in URL
- Idempotent
- POST → Create data
- Body required
- Not idempotent
- PUT → Update/Replace data
- Body required
- Idempotent
- DELETE → Remove data
- No body
MCQs — GET, POST, PUT, DELETE
1
Which HTTP method is considered “safe” because it is intended only to retrieve data and not change server state?
A. POST
B. PUT
C. GET
D. DELETE
Answer: C — GET.
Explanation: GET is intended for retrieval and should not change server state.
2
Which HTTP method is not idempotent (i.e., repeated requests may create multiple resources)?
A. GET
B. PUT
C. DELETE
D. POST
Answer: D — POST.
Explanation: POST often creates new resources; repeated POSTs can create duplicates.
3
Which method should typically be used to replace an existing resource completely?
A. PATCH
B. PUT
C. POST
D. GET
Answer: B — PUT.
Explanation: PUT replaces the target resource with the provided representation (idempotent).
4
Which method is normally used to remove a resource identified by a URL?
A. GET
B. POST
C. DELETE
D. PUT
Answer: C — DELETE.
Explanation: DELETE requests the server to remove the resource.
5
Where is data normally sent in a POST request?
A. In the URL path
B. In headers only
C. In the request body
D. In the response body
Answer: C — In the request body.
Explanation: POST sends data (form/json) in the request body.
6
Which HTTP status code indicates that a new resource was successfully created?
A. 200
B. 201
C. 204
D. 404
Answer: B — 201 Created.
Explanation: 201 is the standard response for successful resource creation.
7
Which method is idempotent? (choose the best option)
A. POST only
B. GET and POST
C. GET, PUT, DELETE
D. POST and PUT
Answer: C — GET, PUT, DELETE.
Explanation: GET, PUT, DELETE are idempotent; POST is not.
8
Which of the following statements about GET requests is FALSE?
A. GET requests can be cached.
B. GET requests should not have side effects.
C. GET request parameters are usually in the URL.
D. GET requests always include a request body.
Answer: D — GET requests always include a request body.
Explanation: GET normally does not have a request body.
9
Which status code means “No Content” and is commonly used in response to successful DELETE or PUT requests when no body is returned?
A. 200
B. 201
C. 202
D. 204
Answer: D — 204 No Content.
Explanation: 204 indicates success but no response body.
10
A client wants to update only one field of a resource (partial update). Which method is preferred?
A. GET
B. PUT
C. PATCH
D. DELETE
Answer: C — PATCH.
Explanation: PATCH is used for partial updates; PUT is usually full replace.
11
Which HTTP method may include a request body but is not intended for retrieving data?
A. GET
B. HEAD
C. POST
D. OPTIONS
Answer: C — POST.
Explanation: POST includes body data to create/submit data.
12
If you submit the same PUT request twice, the server’s state should be:
A. Different after the second request
B. The same as after the first request
C. Undefined
D. An error occurs
Answer: B — The same as after the first request.
Explanation: PUT is idempotent — repeated identical requests have the same effect.
13
Which of the following is TRUE about caching?
A. POST responses are always cacheable by default.
B. GET responses can be cached unless headers prevent it.
C. DELETE responses are always cached.
D. PUT responses are cacheable by default.
Answer: B — GET responses can be cached unless headers prevent it.
Explanation: GET is cache-friendly; POST/PUT/DELETE are not cacheable by default.
14
When a resource is successfully updated with PUT, which HTTP status code is commonly returned when the server chooses to return the updated resource?
A. 201
B. 200
C. 301
D. 404
Answer: B — 200 OK.
Explanation: 200 OK is returned when the server returns a representation after update.
15
Which method is most appropriate for submitting a login form?
A. GET
B. POST
C. PUT
D. DELETE
Answer: B — POST.
Explanation: Login credentials should be sent in the request body (POST) and not exposed in URL.
16
Which response code indicates the HTTP method used is not allowed for the requested resource?
A. 400
B. 401
C. 403
D. 405
Answer: D — 405 Method Not Allowed.
Explanation: 405 is returned when the method is recognized but not allowed on that resource.
17
Which HTTP method should you use when you want the server to process data asynchronously and immediately return an acceptance?
A. GET
B. POST with 202 Accepted
C. PUT
D. DELETE
Answer: B — POST with 202 Accepted.
Explanation: 202 Accepted indicates the server accepted the request for processing later.
18
Which characteristic differentiates PUT from POST in REST principles?
A. PUT is non-idempotent, POST is idempotent
B. PUT targets a known resource URI, POST targets a resource collection endpoint
C. PUT cannot have a body, POST can
D. PUT is only for deleting resources
Answer: B — PUT targets a known resource URI, POST targets a resource collection endpoint.
Explanation: PUT is usually for a specific URI (replace), POST is for creating under a collection.
19
Which header is important to indicate the format of data in POST/PUT requests?
A. Accept-Language
B. Content-Type
C. Accept-Encoding
D. Cache-Control
Answer: B — Content-Type.
Explanation: Content-Type tells server how to parse the request body (e.g., application/json).
20
Which HTTP method does NOT necessarily require a request body and is commonly used to get response headers only?
A. POST
B. PUT
C. HEAD
D. DELETE
Answer: C — HEAD.
Explanation: HEAD is like GET but returns only headers (no body).
21
Select the correct pairing: method → typical semantic meaning.
A. GET → create resource
B. POST → retrieve resource
C. PUT → replace resource
D. DELETE → update resource
Answer: C — PUT → replace resource.
Explanation: Only C matches typical semantics.
22
Which method should be used when a client does not know the final resource URI and expects server to generate it?
A. PUT
B. POST
C. GET
D. DELETE
Answer: B — POST.
Explanation: POST to collection endpoints often lets server generate new resource URIs (e.g., POST /users).
23
Which statement about DELETE is correct?
A. DELETE always returns 200 OK.
B. DELETE should never be idempotent.
C. A successful DELETE may return 200, 202, or 204 depending on the server.
D. DELETE must include a request body.
Answer: C — A successful DELETE may return 200, 202, or 204.
Explanation: Servers choose among codes based on whether they return content or processing is asynchronous.
24
If an API uses POST to perform an action that is safe and cacheable, this is considered:
A. RESTful best practice
B. Resource-oriented design
C. Misuse of HTTP semantics (not recommended)
D. Mandatory for security
Answer: C — Misuse of HTTP semantics (not recommended).
Explanation: Using POST for safe/cacheable retrieval breaks HTTP semantics and caching.
25
Which of the following HTTP methods is considered safe and cacheable by default?
A. GET is safe and cacheable; POST is not.
B. POST is safe and cacheable; GET is not.
C. PUT is safe and cacheable.
D. DELETE is safe and cacheable.
Answer: A — GET is safe and cacheable; POST is not.
Explanation: GET is intended to be safe (no side effects) and cacheable; POST is not safe.
26
Which error code indicates the client must authenticate to get the requested response?
A. 400
B. 401
C. 403
D. 404
Answer: B — 401 Unauthorized.
Explanation: 401 means authentication is required or failed.
27
A web client sends PUT /resource/123 with a full JSON body to replace the resource. If the resource doesn’t exist, the PUT should normally:
A. Return 404 Not Found
B. Always return 500 Internal Server Error
C. Create the resource at /resource/123 (behavior depends on API design)
D. Return 301 Moved Permanently
Answer: C — Create the resource at /resource/123 (behavior depends on API design).
Explanation: PUT can create or update at the given URI; API designers decide exact behavior.
28
Which header should a client examine to determine whether a GET response can be reused from cache?
A. Content-Type
B. Cache-Control
C. Content-Length
D. Server
Answer: B — Cache-Control.
Explanation: Cache-Control and related headers (Expires, ETag) control caching.
29
Which of the following is a reason to use HTTPS instead of HTTP when sending POST requests?
A. HTTPS reduces payload size.
B. HTTPS encrypts the request body (protects credentials and sensitive data).
C. HTTPS makes POST idempotent.
D. HTTPS changes POST into GET.
Answer: B — HTTPS encrypts the request body.
Explanation: HTTPS secures transport, protecting request bodies and headers.
30
In RESTful APIs, which combination is most REST-compliant for creating and updating resources?
A. Use GET to create, POST to update
B. Use POST to create, PUT/PATCH to update
C. Use DELETE to create, GET to update
D. Use PUT to create, DELETE to update
Answer: B — Use POST to create, PUT/PATCH to update.
Explanation: Standard REST conventions: POST for creation, PUT for full replace, PATCH for partial update.