Basic question re GET vs POST

#1

First off, thank you to @artur for a truly fantastic CMS- I’m rebuilding my personal portfolio site using Vue and Cockpit, and it has been a lot of fun to build. As for my question, I’m using Axios w/ Vue to handle the requests to the Cockpit API, and I’m doing so as follows:

 fetchPosts: function () {
  const baseURI = 'http://mysite.com?token=TOKEN'
  this.$http.get(baseURI + '&sort[title]=1' + '&filter[published]=true') // sort by project name and get only published posts
  .then((response) => {
    this.postsPub = response.data.entries
  })
  .catch((error) =>{
    console.log(error)
    this.errored = true
  })
  .finally(() => this.loading = false)
},

This works perfectly fine for getting the data and displaying in my Vue templates. However, in most of the examples I see in the documentation and in this forum, I’m seeing a POST request such as

fetch('your.url/api/collections/get/COLLECTIONNAME?token=xxtokenxx', {
method: 'post',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
    filter: { '_id': { $in: [1, 4, 5] } },
    limit: 10,
    skip: 5,
    sort: {_created:-1},
    populate: 1 // resolve linked collection items
   })
})
.then(res=>res.json())
.then(res => console.log(res));

If I’m only getting data for display, is there any reason I should use the POST approach instead? I was trying to figure out a way to configure Axios to append parameters as in the second method (by using a params or filter settings object), but nothing I tried worked aside from just appending them as strings to the baseURI. Thanks for any general insight here!

**UPDATE- I just noticed this thread and from Artur’s response, I’m wondering if one can only pass parameters as an object when doing a POST request and not GET?

#2

GET and POST should behave the same, but writing json objects is much more readable. Especially if you filter by special chars or if you pass arrays to the query

Do you search for something like that?:
/api/...&filter[_id][$in][0]=1&filter[_id][$in][1]=4&filter[_id][$in][2]=5

#3

Thanks @raffaelj - I am currently filtering posts in the way you describe; just so I understand, is one only able to write a JSON object, and thus specify parameters in a more readable way, when using POST? Is it therefore not possible to specify parameters in an object simply using GET?

#4

Ah, now I get it. No, that’s not possible. If you really need it, you could write a custom api endpoint, that parses a get parameter ?data={"json":"object"} with json_decode

#5

Thanks for the confirmation, @raffaelj. Last question- is it considered bad practice to use POST simply to specify parameters (in however readable a format) when GET could just as easily be used?

#6

Neither of them are good or bad practice per se. Internally all POST, GET and POST/json data are combined into $_REQUEST:

But it is a bad practice, to send passwords (or the admin api key) as a GET parameter, because they might pop up in browser histories, in access log files or in analytics data.

#7

Ah ok, thank you for the explanation! I find that last point particularly interesting- I’m not using the admin API key in this way, but that’s good to know that it could be exposed via GET.