Carlo Gonzales

Blog

  • HTTP Basics: HTTP Methods and Status Codes

    Estimated reading time: 6 minutes

    Table of contents

    Overview

    In HTTP communication, HTTP methods and response status codes are fundamental components that define the interactions between clients and servers.

    HTTP Methods

    HTTP methods, often referred to as “verbs,” specify the desired action to be performed on a given resource. The primary methods include:

    • GET: Retrieve data from the server.
    • POST: Submit data to the server, often resulting in a new resource creation.
    • PUT: Update or create a resource at a specified URI.
    • DELETE: Remove a specified resource.
    • HEAD: Similar to GET but retrieves only the headers without the body.
    • OPTIONS: Describe the communication options for the target resource.
    • PATCH: Apply partial modifications to a resource.

    Each method serves a distinct purpose, enabling precise control over web resources.

    HTTP Response Status Codes Upon receiving a request, the server responds with a status code that indicates the outcome. These codes are grouped into five classes:

    • 1xx (Informational): Request received; continuing process.
    • 2xx (Success): The request was successfully received, understood, and accepted.
    • 3xx (Redirection): Further action is needed to complete the request.
    • 4xx (Client Error): The request contains bad syntax or cannot be fulfilled.
    • 5xx (Server Error): The server failed to fulfill a valid request.

    Common status codes include:

    • 200 OK: The request succeeded.
    • 201 Created: The request succeeded, and a new resource was created.
    • 400 Bad Request: The server cannot process the request due to client error.
    • 401 Unauthorized: Authentication is required and has failed or has not yet been provided.
    • 403 Forbidden: The request is understood, but the server refuses to authorize it.
    • 404 Not Found: The requested resource could not be found.
    • 500 Internal Server Error: A generic error message indicating that the server encountered an unexpected condition.

    HTTP Methods

    HTTP defines several methods, each specifying a particular action to be performed on a resource. These methods, often referred to as HTTP verbs, include:

    HTTP GET Method

    Retrieves data from a server at the specified resource. It should not alter the server’s state and is considered safe and idempotent.

    Use Case: Fetching a webpage or reading data from an API.

    GET /index.html HTTP/1.1
Host: www.carlogonzales.com

    HTTP POST Method

    Sends data to the server to create a new resource. It may change the server’s state and is neither safe nor idempotent.

    Use Case: 

    POST /submit-form HTTP/1.1
Host: www.carlogonzales.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 27

name=Carlo&age=30

    HTTP PUT Method

    Updates an existing resource or creates it if it doesn’t exist. It is idempotent but not safe.

    Use Case: Updating user information or uploading a file to a specific URL.

    PUT /user/123 HTTP/1.1
Host: www.carlogonzales.com
Content-Type: application/json
Content-Length: 21

{"name": "John Doe"}

    HTTP DELETE Method

    Removes the specified resource from the server. It is idempotent but not safe.

    Use Case: Deleting a user account or removing a file.

    DELETE /user/123 HTTP/1.1
Host: www.carlogonzales.com

    HTTP HEAD Method

    Similar to GET but retrieves only the headers without the body. Useful for checking resource metadata.

    Use Case: Verifying if a resource exists or checking its last modified date.

    HEAD /index.html HTTP/1.1
Host: www.carlogonzales.com

    HTTP OPTIONS Method

    Describes the communication options for the target resource, detailing the supported HTTP methods.

    Use Case: Determining the methods supported by a server or resource.

    OPTIONS /api/users HTTP/1.1
Host: www.carlogonzales.com

    HTTP PATCH Method

    Applies partial modifications to a resource. It is neither safe nor idempotent.

    Use Case: Updating a user’s email address without affecting other data.

    PATCH /user/123 HTTP/1.1
Host: www.carlogonzales.com
Content-Type: application/json
Content-Length: 18

{"email": "[email protected]"}

    HTTP TRACE Method

    Echoes the received request, used mainly for diagnostic purposes.

    Use Case: Testing or diagnosing the path to the target resource.

    TRACE /test HTTP/1.1
Host: www.carlogonzales.com

    HTTP Method

    Establishes a tunnel to the server, commonly used for SSL tunneling.

    Use Case: Facilitating HTTPS connections through a proxy.

    CONNECT www.carlogonzales.com:443 HTTP/1.1
Host: www.carlogonzales.com

    HTTP Response Code

    HTTP status codes are standardized three-digit numbers that indicate the outcome of a client’s request to a server. They are categorized into five classes:

    • 1xx Informational: Request received; continuing process.
    • 2xx Success: Request successfully received, understood, and accepted.
    • 3xx Redirection: Further action needed to complete the request.
    • 4xx Client Error: Request contains bad syntax or cannot be fulfilled.
    • 5xx Server Error: Server failed to fulfill a valid request.

    Below is a comprehensive list of HTTP status codes, along with sample protocol responses and guidance on handling each:

    1xx Informational

    100 Continue

    The server has received the request headers, and the client should proceed to send the request body.

    Handling: Continue sending the request body.

    HTTP/1.1 100 Continue

    101 Switching Protocols

    The server is switching protocols as requested by the client.

    Handling: Switch to the protocol specified in the response.

    HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade

    102 Processing

    The server has received and is processing the request, but no response is available yet.

    Handling: Wait for the server to finish processing; no immediate action required.

    HTTP/1.1 102 Processing

    2xx Success

    200 OK

    The request succeeded.

    Handling: Process the response body as it contains the requested data.

    HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 85

{"message": "Success", "data": {...}}

    201 Created

    The request succeeded, and a new resource was created.

    Handling: Acknowledge the creation; use the Location header to reference the new resource.

    HTTP/1.1 201 Created
Location: https://api.example.com/resource/123
Content-Type: application/json
Content-Length: 36

{"message": "Resource created successfully"}

    202 Accepted

    The request has been accepted for processing, but the processing has not been completed.

    Handling: The request is being processed; no immediate action required.

    HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: 50

{"message": "Request accepted for processing"}

    3xx Redirection

    301 Moved Permanently

    The resource has been permanently moved to a new URI.

    Handling: Update bookmarks or references to the new URI; future requests should use the new URI.

    HTTP/1.1 301 Moved Permanently
Location: https://www.newdomain.com/resource

    302 Found

    The resource has been temporarily moved to a different URI.

    Handling: Follow the Location header to access the resource; continue using the original URI for future requests.

    HTTP/1.1 302 Found
Location: https://www.temporarydomain.com/resource

    304 Not Modified

    The resource has not been modified since the last request.

    Handling: Use the cached version of the resource; no need to download it again.

    HTTP/1.1 304 Not Modified

    4xx Client Error

    400 Bad Request

    The server cannot process the request due to client error (e.g., malformed request syntax).

    Handling: Review and correct the request parameters before retrying.

    HTTP/1.1 400 Bad Request
Content-Type: application/json
Content-Length: 45

{"error": "Invalid request parameters"}

    401 Unauthorized

    Authentication is required and has failed or has not yet been provided.

    Handling:

    HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="Access to the site"
Content-Type: application/json
Content-Length: 44

{"error": "Authentication credentials required"}

    403 Forbidden

    The request contained valid data and was understood by the server, but the server is refusing action.

    Handling: Verify permissions; access

    HTTP/1.1 403 Forbidden
Content-Type: application/json
Content-Length: 40

{"error": "Access to this resource is forbidden"}

    404 Not Found

    The requested resource could not be found on the server.

    Handling: Check the request URL for errors; the resource may not exist.

    HTTP/1.1 404 Not Found
Content-Type: application/json
Content-Length: 36

{"error": "Resource not found"}

    405 Method Not Allowed

    The request method is known by the server but is not supported by the target resource.

    Handling: Check the Allow header for supported methods and modify the request accordingly.

    HTTP/1.1 405 Method Not Allowed
Allow: GET, POST
Content-Type: application/json
Content-Length: 44

{"error": "Method not allowed for this resource"}

    409 Conflict

    The request could not be completed due to a conflict with the current state of the resource.

    Handling: Resolve the conflict and retry the request.

    HTTP/1.1 409 Conflict
Content-Type: application/json
Content-Length: 47

{"error": "Conflict with the current state of resource"}

    5xx Server Error

    500 Internal Server Error

    A generic error message indicating that the server encountered an unexpected condition.

    Handling: Retry later; if the issue persists, contact server support.

    HTTP/1.1 500 Internal Server Error
Content-Type: application/json
Content-Length: 44

{"error": "An unexpected error occurred"}

    502 Bad Gateway

    The server, while acting as a gateway or proxy, received an invalid response from the upstream server.

    Handling: Retry after some time; if the issue persists, investigate upstream server status.

    HTTP/1.1 502 Bad Gateway
Content-Type: application/json
Content-Length: 39

{"error": "Invalid response from upstream server"}

    503 Service Unavailable

    The server is currently unable to handle the request due to temporary overload or maintenance.

    Handling: Retry after the time specified in the Retry-After header.

    HTTP/1.1 503 Service Unavailable
Retry-After: 3600
Content-Type: application/json
Content-Length: 49

{"error": "Service unavailable; please try again later"}

    504 Gateway Timeout

    The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server.

    Handling: Retry after some time; if the issue persists, investigate upstream server status.

    HTTP/1.1 504 Gateway Timeout
Content-Type: application/json
Content-Length: 45

{"error": "Upstream server timed out"}

  • FastAPI Introduction

    What is FastAPI?

    FastAPI is a modern, high-performance web framework for building APIs with Python 3.8 and above. It leverages Python’s standard type hints, enabling developers to define data models and API endpoints with minimal code. This approach facilitates automatic validation, serialization, and interactive documentation generation, streamlining the development process.

    Built atop Starlette for the web components and Pydantic for data handling, FastAPI ensures both speed and reliability. Its asynchronous capabilities allow for efficient request handling, making it suitable for high-performance applications.

    One of FastAPI’s standout features is its automatic generation of interactive API documentation. By adhering to the OpenAPI standard, it provides user-friendly interfaces like Swagger UI and ReDoc, enabling developers and users to explore and test API endpoints seamlessly.

    In summary, FastAPI combines modern Python features with robust performance, making it an excellent choice for developers aiming to build efficient and scalable APIs.

    Key Features of FastAPI

    • High Performance

      FastAPI is built atop Starlette and Pydantic, enabling it to deliver performance on par with Node.js and Go. This high efficiency allows developers to create fast applications capable of handling numerous concurrent connections.

    • Ease of Use

      Designed with developer productivity in mind, FastAPI utilizes Python’s standard type hints and a straightforward syntax. This approach simplifies the learning curve and accelerates development, allowing developers to build applications more rapidly.

    • Automatic Interactive Documentation

      One of FastAPI’s standout features is its automatic generation of interactive API documentation. By adhering to the OpenAPI standard, it provides user-friendly interfaces like Swagger UI and ReDoc, enabling developers and users to explore and test API endpoints seamlessly.

    • Asynchronous Support

      FastAPI is built on asynchronous programming principles, enabling it to handle a high number of concurrent requests efficiently. By using Python’s async and await syntax, developers can build applications that manage multiple tasks simultaneously, leading to improved performance in I/O-bound operations.


    Alternatives

    While FastAPI excels in building high-performance APIs with features like automatic data validation and interactive documentation, other frameworks offer different strengths. Choosing the right framework depends on the specific requirements and goals of your project.

    1. Django

    Django is a high-level framework that provides a comprehensive suite of tools for web development, including an ORM, authentication, and an admin interface. Unlike FastAPI, which is designed for asynchronous performance and quick API development, Django follows a synchronous request-response cycle and is ideal for building full-fledged web applications with extensive built-in features.

    Use Cases

    Choose Django for:

    • Large, complex web applications
    • Projects requiring a full-stack solution
    • Content management systems or e-commerce platforms

    Choose FastAPI for:

    • High-performance API development
    • Microservices architecture
    • Real-time applications with WebSocket support

    2. Flask

    Flask is a lightweight microframework that offers simplicity and flexibility, allowing developers to add components as needed. While FastAPI provides automatic data validation and asynchronous capabilities, Flask requires manual setup for these features, making it more suitable for smaller projects or those requiring greater control over components.

    Use Cases

    Choose Flask for:

    • Small to medium-sized applications where simplicity and rapid development are priorities.
    • Projects that benefit from a minimalist framework, allowing developers to select and integrate only the components they need.
    • Applications where the overhead of asynchronous processing is unnecessary, and synchronous request handling suffices.

    Choose FastAPI for:

    • High-performance APIs that require efficient handling of numerous concurrent connections.
    • Projects that can leverage automatic data validation and interactive API documentation to streamline development and maintenance.
    • Applications that benefit from built-in asynchronous support, such as real-time data processing or microservices architectures.

    3. Tornado

    Tornado is an asynchronous networking library and web framework designed to handle long-lived network connections, such as those required for real-time updates in web applications. It has been a part of the Python ecosystem since 2009, offering robust support for applications that demand persistent connections.

    Use Cases

    Choose Tornado for:

    • Applications requiring long-lived, persistent connections (e.g., chat applications, live dashboards)
    • Real-time web features necessitating continuous data streaming
    • Projects that benefit from Tornado’s mature ecosystem and established stability

    Choose FastAPI for:

    • High-performance API development with automatic interactive documentation
    • Microservices architectures where rapid development and deployment are crucial
    • Applications that can leverage FastAPI’s support for asynchronous programming and data validation

    4. Sanic

    Sanic is an asynchronous web framework designed for building fast HTTP responses using Python’s async and await syntax. It emphasizes speed and efficiency, making it suitable for applications that require high concurrency and real-time data processing.

    Use Cases

    Choose Sanic for:

    • Real-time applications such as chat platforms and live data feeds.
    • Projects that prioritize raw performance and can manage manual data validation and documentation.
    • Scenarios where built-in WebSocket support is essential.

    Choose FastAPI for:

    • APIs that benefit from automatic data validation and interactive documentation.
    • Projects requiring rapid development with type safety and minimal boilerplate.
    • Applications that need seamless integration with modern Python features and asynchronous capabilities.

    5. Bottle

    Bottle is a minimalist Python web framework that implements everything in a single source file. It is suitable for small applications and prototyping. In contrast, FastAPI offers more features out-of-the-box, such as data validation and interactive API documentation, making it more robust for larger applications.

    Use Cases

    Choose Bottle for:

    • Prototyping or small applications where simplicity and minimalism are priorities.
    • Educational purposes or simple scripts that require a lightweight framework.
    • Projects where a single-file application is advantageous for ease of deployment and maintenance.

    Choose FastAPI for:

    • Scalable applications that benefit from built-in data validation and automatic interactive documentation.
    • Projects requiring asynchronous capabilities to handle numerous concurrent connections efficiently.
    • APIs where rapid development and type safety are essential, leveraging modern Python features.

    6. CherryPy

    CherryPy is an object-oriented Python web framework that allows developers to build web applications similarly to writing Python programs. While it provides a minimalist approach like FastAPI, CherryPy operates synchronously and doesn’t natively support asynchronous request handling, which FastAPI offers.

    Use Cases

    Choose CherryPy for:

    • Small to medium-sized applications where a minimalist, synchronous framework suffices.
    • Projects that benefit from an object-oriented approach to web development.
    • Applications where the overhead of asynchronous processing is unnecessary.

    Choose FastAPI for:

    • High-performance APIs requiring efficient handling of numerous concurrent connections.
    • Projects that can leverage automatic data validation and interactive API documentation.
    • Applications benefiting from built-in asynchronous support, such as real-time data processing or microservices architectures.

    7. AIOHTTP

    AIOHTTP is an asynchronous HTTP client/server framework that leverages Python’s asyncio library to build efficient web applications. It provides both client and server-side implementations, offering flexibility for various web development needs. Unlike FastAPI, AIOHTTP doesn’t include automatic data validation or interactive documentation, requiring additional setup for these features.

    Use Cases

    Choose AIOHTTP for:

    • Low-level control over asynchronous HTTP protocols, allowing for customized request and response handling.
    • Projects where manual setup of data validation and documentation is acceptable, providing flexibility in implementation.
    • Applications that require both HTTP client and server capabilities within the same framework.

    Choose FastAPI for:

    • Rapid development with built-in features like automatic data validation and interactive API documentation, streamlining the development process.
    • Applications that benefit from seamless integration with modern Python features and asynchronous capabilities, enhancing performance and scalability.
    • Projects where developer productivity and maintainability are prioritized, thanks to FastAPI’s user-friendly design.

    8. Starlette

    Starlette is a lightweight ASGI framework/toolkit designed for building asynchronous web services in Python. It provides essential components like routing, middleware support, and WebSocket handling, serving as the foundational layer upon which FastAPI is built. While Starlette offers the core tools for web development, FastAPI extends these capabilities by adding features such as data validation, serialization, and automatic interactive API documentation.

    Use Cases

    Choose Starlette for:

    • Applications that require a lightweight, low-complexity framework without additional abstractions.
    • Projects where developers prefer to implement their own data validation and documentation systems.
    • Scenarios where fine-grained control over the application’s components is necessary.

    Choose FastAPI for:

    • Rapid development of APIs with built-in data validation and automatic interactive documentation.
    • Projects that benefit from FastAPI’s dependency injection system and type hinting for improved code quality and maintainability.
    • Applications requiring high performance and scalability, leveraging FastAPI’s asynchronous capabilities.