Search code examples
phphttphttp-gethttp-deletehttp-head

Http GET and DELETE multiple entity requests at once (PHP)


As the title says - is it valid?

What do i mean

If i call an endpoint with GET is it then valid to do

http://some.thing/more?id[]=12&id[]=4&id[]=65

to let the server return multiple entities at once?

I could not see any note about in the rfc docs. Also - looking at the status codes to return - it seems not build that way.

So i guess a GET or DELETE or HEAD request is for one entity only?

EDIT: language is PHP btw

EDIT2: this is what i want to avoid: https://stackoverflow.com/a/18141127/3411766

I dont want to use the body.


Solution

  • You can make valid HTTP requests but go against the design of HTTP. I'm focusing in my answer on correct HTTP design.

    First, when you do a GET requests, you always receive a representation of a resource. Even if a URL represents something like a 'collection of resources', there is no strict definition of this in HTTP. That list of resources can still represent multiple 'entities' coming from your data-model.

    So a call to /users can return multiple user-entities.

    Similarly, a DELETE to users could mean that you are deleting the entire /users collection and everything in it.

    One issue that I see, and don't have a great answer on is that you're using the the query string to delete multiple resources. I think this is fine for GET / HEAD, but I question whether it's correct for DELETE as well. It definitely feels a bit 'weird' to me because I feel that a DELETE on /users?foo=bar should delete /users and commonly it will due to how most frameworks work. Should it? I'm actually not sure. REST is not strictly a standard so we can't go and find answers there, so all I got is that it 'feels wrong'. I realize that you're not strictly asking for REST, so from a strict HTTP perspective it's definitely ok.

    However, you could structure your urls to not look like:

    /users?id[]=12&id[]=4&id[]=65
    

    but instead something like this:

    /users/12,4,65
    

    I've seen others do this, and it feels a bit less wrong to me. But this is mostly conjecture.

    Regardless if you do a DELETE on multiple entities like that, the request should either succeed or do nothing at all. Partial success is not accepted, so you can just use the usual 200/204 response codes to indicate a successful delete.