Maritime Signal Station — Online

HTTP Methods Cheat Sheet

Interactive reference for all HTTP request methods. Learn GET, POST, PUT, PATCH, DELETE, and more. Filter by safety, idempotency, and cacheability. Copy examples instantly.

9
Methods
3
Safe
6
Idempotent
3
Cacheable
GET
Safe Idempotent Cacheable

Retrieve a representation of the target resource. GET requests should only retrieve data and have no other effect. The most commonly used HTTP method.

Has Body?No (should not)
Common Codes200, 204, 304, 400, 401, 403, 404, 500
GET /api/users/42 HTTP/1.1
Host: api.example.com
Accept: application/json

--- Response ---
HTTP/1.1 200 OK
Content-Type: application/json

{ "id": 42, "name": "Ada Lovelace" }
POST
Unsafe Not Idempotent Not Cacheable

Submit an entity to the specified resource, often causing a change in state or side effects on the server. Used to create new resources or trigger actions.

Has Body?Yes
Common Codes201, 200, 204, 400, 401, 403, 409, 422
POST /api/users HTTP/1.1
Host: api.example.com
Content-Type: application/json

{ "name": "Grace Hopper", "role": "admin" }

--- Response ---
HTTP/1.1 201 Created
Location: /api/users/43
PUT
Unsafe Idempotent Not Cacheable

Replace all current representations of the target resource with the request payload. Creates the resource if it does not exist (when client knows the target URI).

Has Body?Yes
Common Codes200, 201, 204, 400, 401, 403, 404, 409
PUT /api/users/42 HTTP/1.1
Host: api.example.com
Content-Type: application/json

{ "id": 42, "name": "Ada Lovelace", "role": "admin" }

--- Response ---
HTTP/1.1 200 OK
PATCH
Unsafe Not Idempotent Not Cacheable

Apply partial modifications to a resource. Unlike PUT which replaces the entire resource, PATCH carries a set of instructions describing how to modify the resource.

Has Body?Yes
Common Codes200, 204, 400, 401, 403, 404, 409, 415
PATCH /api/users/42 HTTP/1.1
Host: api.example.com
Content-Type: application/json

{ "role": "editor" }

--- Response ---
HTTP/1.1 204 No Content
DELETE
Unsafe Idempotent Not Cacheable

Remove the specified resource from the server. The URI should map to a single resource, not a collection. Deleting the same resource multiple times has the same effect.

Has Body?No (optional)
Common Codes200, 202, 204, 400, 401, 403, 404
DELETE /api/users/42 HTTP/1.1
Host: api.example.com

--- Response ---
HTTP/1.1 204 No Content
HEAD
Safe Idempotent Cacheable

Identical to GET but transfers the status line and header section only, without a message body. Useful for checking resource existence, size, or modification time without downloading.

Has Body?No
Common Codes200, 204, 304, 400, 401, 403, 404
HEAD /api/users/42 HTTP/1.1
Host: api.example.com

--- Response ---
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 42
Last-Modified: Mon, 11 May 2026 10:00:00 GMT
OPTIONS
Safe Idempotent Not Cacheable

Describe the communication options for the target resource. Returns supported methods, CORS headers, and other capabilities. Widely used for CORS preflight requests.

Has Body?No
Common Codes200, 204, 400, 401, 403, 404
OPTIONS /api/users HTTP/1.1
Host: api.example.com
Origin: https://app.example.com

--- Response ---
HTTP/1.1 204 No Content
Allow: GET, POST, HEAD, OPTIONS
Access-Control-Allow-Origin: *
TRACE
Safe Idempotent Not Cacheable

Perform a message loop-back test along the path to the target resource. Echoes back the received request so the client can see what intermediate servers are adding or changing.

Has Body?No
Common Codes200, 400, 403, 404, 405
WarningOften disabled due to XST attacks
TRACE /api/users HTTP/1.1
Host: api.example.com

--- Response ---
HTTP/1.1 200 OK
Content-Type: message/http

TRACE /api/users HTTP/1.1
Host: api.example.com
CONNECT
Unsafe Not Idempotent Not Cacheable

Establish a tunnel to the server identified by the target resource. Primarily used with proxies to create an end-to-end encrypted connection (e.g., HTTPS through an HTTP proxy).

Has Body?No
Common Codes200, 400, 401, 403, 404, 405, 407
CONNECT api.example.com:443 HTTP/1.1
Host: api.example.com:443
Proxy-Authorization: Basic dXNlcjpwYXNz

--- Response ---
HTTP/1.1 200 Connection Established

PUT vs PATCH — What's the Difference?

AspectPUTPATCH
OperationFull replacement of the resourcePartial modification of the resource
PayloadComplete resource representationOnly fields to change (diff/patch format)
Missing fieldsOmitted fields are deleted/resetOmitted fields remain unchanged
IdempotentYes — same PUT always same resultNot guaranteed — depends on patch format
SafeNoNo
Use whenClient knows the full state and URIClient only has partial updates
ExampleReplace user profile entirelyChange just the user's email

🧭 RESTful URL Design Guide

Collection Pattern

Use plural nouns for collections. Avoid verbs in URLs.

GET /api/users — list all users

POST /api/users — create a new user

Resource Pattern

Use IDs to identify specific resources under a collection.

GET /api/users/42 — get user 42

PUT /api/users/42 — replace user 42

DELETE /api/users/42 — delete user 42

Nested Resources

Represent relationships through URL nesting.

GET /api/users/42/orders — list user's orders

POST /api/users/42/orders — create order for user

Filtering & Sorting

Use query parameters, not new endpoints.

?status=active&sort=name&limit=10

?fields=id,name,email — sparse fieldsets

Versioning

Choose one strategy and stick to it.

/api/v2/users — URL path

Accept: application/vnd.api+json;v=2 — header

Common Mistakes

Never use GET for state changes.

Avoid /api/getUser — HTTP method is the verb.

Don't return 200 for errors — use proper 4xx/5xx.

SIGNAL STATION ONLINE — 100% Client-Side — No Data Leaves Your Browser
DevToolkit Maritime Signal Station