I'm looking into the Text-to-Speech REST API from Microsoft and am confused about the difference between HTTP methods POST and GET.
The API has an endpoint that lets you get an access token. I'm not sure why the HTTP method used is POST and not GET. It seems like you are GETing an access token, instead of creating a new resource (POST).
Similar question when converting text to speech. It seems like you are GETing an audio output, instead of creating a new resource (POST).
Seems like GETing a list of voices requires you to use a GET method!
Authentication requests for tokens typically happen over HTTP POSTs for 2 main reasons.
Security: When a user submits their username and password, this sensitive information should not be included in the URL or query parameters of an HTTP GET request. If the request is intercepted, the credentials could be compromised. HTTP POST requests, on the other hand, allow the data to be sent in the request body, which is not visible in the URL or query parameters.
Idempotence: HTTP GET requests should be idempotent, meaning that multiple identical requests should have the same effect as a single request. Authentication requests are not idempotent since they result in the creation of a new session or token, so it makes more sense to use a non-idempotent HTTP POST request.