HTTP - rohit120582sharma/Documentation GitHub Wiki

A protocol is a system of rules that allows different computers to communicate and exchange information.

HTTP (HyperText Transfer Protocol), also called a client/server protocol, is a set of rules that servers and browsers use to transfer web documents back and forth.

HTTP works on a request/response model: the client makes a request to a server (an address pointing to a resource), and the server responds with the appropriate information after processing the request. Every action performed over HTTP starts with a request using one of the HTTP methods and ends with a response containing an HTTP status code, headers, and content.

HTTP is stateless, which means each individual request is unique and no request is connected to another. In other words, it has no memory of previous requests. HTTP has the following techniques to fix this:

  • Cookies: a string of data passed back and forth between the client and server in the HTTP header to create a stateful session. It can include additional information.
  • Session: clients and servers can share the information about states by passing information back and forth, creating a session.


HTTP Components

HTTP Message

When a client sends a message to a server using HTTP, we refer to the message as an HTTP request, and the response sent by the server is called an HTTP response.

HTTP request message structure:

  • URL
  • Request method / HTTP verb
  • Headers
  • Body

HTTP response message structure:

  • Status code
  • Headers
  • Body

HTTP Headers

HTTP is stateless meaning it doesn't store any information between requests. This means, if a client, or the server, or both, need information about the state of the other, or any other information, we have to send that information along with our request or response.

Requests and responses use HTTP headers to identify themselves and explain what they want. The headers contain metadata. The headers of an HTTP request contain a method/verb explaining what action the sender wants to perform on the resource. The headers of an HTTP response contain a status code (200 OK, 400 request error, 500 server error).

HTTP headers can carry information like:

  • What type of client sent the request
  • Server configuration
  • Time and date of the response
  • Data format

Some of the headers:

  • Content-Type
    • Present both in request and response headers
    • Indicates the type of content being sent
    • Common content types
      • HTML - text/html
      • JSON - application/json
      • XML - application/xml
  • Authorization
    • It can be used for security purposes
    • Some APIs may require security credentials to be provided
    • Commonly security credentials are sent in the headers
  • Cookies
    • Cookies are rarely used for APIs.
    • A cookie is a way for the server to store/save small amounts of data on the client's computer for a domain.
    • The response may contain a header called Set-Cookie which tells the browser to save the cookie.
    • The browser then automatically adds a header called Cookie to later requests to send the stored cookies back to the server.

HTTP status code

The status code is part of the HTTP response message only. It is a quick way to tell whether the request was successful without inspecting the response body, which simplifies error handling on the client side.

Status codes are grouped into five groups:

  • 1XX (Information)
  • 2XX (Success)
    • 200 - OK
    • 201 - Created; A new resource is created.
    • 204 - No content; Server processed the request, but returned no content
  • 3XX (Redirection)
    • 301 - Moved permanently; Use this new URI for all future requests
    • 302/303 - Found at this other URI
    • 307 - Temporary redirect
    • 308 - Permanent redirect
  • 4XX (Client error)
    • 400 - Bad request; Request is malformed or too large or something else
    • 401 - Unauthorized
    • 403 - Forbidden; Request is refused by the server because the client is not logged in or doesn't have the correct permission
    • 404 - Not found
    • 405 - Method not allowed
  • 5XX (Server error)
    • 500 - Internal server error
    • 502 - Bad gateway; Server acts as a literal gateway or proxy
    • 503 - Service unavailable; Server is overloaded or temporarily unavailable or something else goes wrong
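
The message structure, headers, cookie round trip and status code groups described above can be seen by parsing raw HTTP/1.1 messages. This is an added example, not code from the original wiki; the sample messages, host name and function names are constructed for illustration.

```python
# Added example; both messages are constructed samples, not captured traffic.
RAW_REQUEST = (b"POST /login HTTP/1.1\r\n"
               b"Host: example.test\r\n"
               b"Content-Type: application/json\r\n"
               b"\r\n"
               b'{"user": "alice"}')
RAW_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                b"Content-Type: text/html\r\n"
                b"Set-Cookie: sid=abc123; Path=/; HttpOnly\r\n"
                b"Set-Cookie: theme=dark\r\n"
                b"\r\n"
                b"<p>Welcome</p>")

STATUS_GROUPS = {1: "Information", 2: "Success", 3: "Redirection",
                 4: "Client error", 5: "Server error"}

def split_message(raw):
    """Split a raw message into start line, header list and body."""
    head, _, body = raw.partition(b"\r\n\r\n")   # blank line ends the headers
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []          # a list, because Set-Cookie may appear more than once
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Reject lines without a colon or with whitespace around the name.
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.lower(), value.strip()))
    return lines[0], headers, body

def parse_request(raw):
    """Return the request parts: method, URL, headers, body."""
    start, headers, body = split_message(raw)
    method, url, _version = start.split(" ")
    return {"method": method, "url": url, "headers": headers, "body": body}

def parse_response(raw):
    """Return the response parts: status code (and its group), headers, body."""
    start, headers, body = split_message(raw)
    _version, code, _reason = (start.split(" ", 2) + [""])[:3]
    status = int(code)
    return {"status": status, "group": STATUS_GROUPS.get(status // 100, "Unknown"),
            "headers": headers, "body": body}

def cookie_header_for_next_request(response):
    """Build the Cookie header value a client sends back after Set-Cookie."""
    pairs = [value.split(";", 1)[0].strip()      # keep name=value, drop attributes
             for name, value in response["headers"] if name == "set-cookie"]
    return "; ".join(pairs)
```

Attributes such as Path and HttpOnly stay on the client; only the name=value pairs are sent back in the Cookie header.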


HTTP/2 vs HTTP/1.1

HTTP/2 requirements

  • Browser must support HTTP/2
  • Server must support HTTP/2 & all features
  • Encrypted HTTPS connection through SSL. SSL certificates are available for free from vendors like "OpenSSL" and "Let's Encrypt".