GET vs POST in REST Web Service

Question

I\'m in the process of developing a REST service that allows a user to claim their listing based on a couple of pieces of information that appear on their invoice (invoice n

Answer 1

You question starts with some bad presumptions. Firstly, GET is not just for any old idempotent operation, it is for GETting resources from the server; it just happens that doing so should be side effect free. Secondly, the URL is not the only way for a GET request to send data to the server, you can use a payload with a GET request (at least as far as HTTP is concerned, some implementations are bad and don't support this or make it hard). Third, as pointed out, you have chosen some terrible data fields to secure your access. Finally, you are using a plain text protocol any way, so what neither method really offers and better security.

You should use the the verb that best describes what you are doing, you are getting some information from the server, so use GET. Use some proper security, such as basic HTTPS encryption. If you want to avoid these fields 'clogging' up the URL, you can send data in the payload of the request, something like:

GET /listings HTTP/1.1
Content-Type = application/json

{ "zip"     : "IN0N0USZ1PC0D35",
  "invoice" : "54859081145" }