HTTP (HyperText Transport Protocol)

HTTP (Hyper Text Transport Protocol)

In this article, I will discuss everything you need to know about HTTP (Hyper Text Transport Protocol), i.e., HTTP Verbs or Methods, HTTP Status Codes, HTTP Requests, and Responses. Please read our previous article discussing ASP.NET Core Web API Introduction. As part of this article, we will discuss the following pointers in detail.

  1. What is HTTP?
  2. Why do we need to know about HTTP?
  3. How do the browser and server communicate with Each Other?
  4. HTTP Request Components.
  5. HTTP Response Components.
  6. HTTP Verbs or HTTP Methods.
  7. HTTP Status Codes Categories.
  8. Frequently used HTTP Status Codes.
  9. HTTP Versions.
What is HTTP?

HTTP stands for Hypertext Transfer Protocol. It is the foundation for exchanging information between a web server and a client on the Web. HTTP defines the format for messages (requests and responses) between the Clients and Server. Here are the key characteristics of HTTP.

  • Basic Function: HTTP is a request-response protocol typically used in client-server computing. The client, often a web browser, makes a request to a server for web resources like HTML pages, images, etc. The server then responds to those requests.
  • Stateless Protocol: HTTP is stateless, meaning it retains no memory of past transactions. However, mechanisms like cookies and sessions are essential when maintaining a session (like shopping carts on e-commerce sites).
  • Methods: HTTP includes methods to indicate the desired action on a given resource. These methods include GET (retrieve data), POST (submit data to be processed), PUT (update data), DELETE (remove data), and others.
  • Secure HTTP (HTTPS): When HTTP is used in conjunction with SSL/TLS, it’s known as HTTPS (Hypertext Transfer Protocol Secure). This adds a layer of encryption, enhancing security, which is especially important for sensitive transactions like online banking.
  • Role in Web Browsing: When you visit a website, your browser sends HTTP requests to the server hosting the site. The server then responds with HTTP responses that include the requested pages, which are then rendered by your browser.
  • Headers and Responses: HTTP messages contain a start-line, headers, and an optional body. Headers contain information about the request or response.
Why do we need to know about HTTP?

Understanding HTTP (Hypertext Transfer Protocol) is important for several reasons, especially for those involved in web development, IT, and digital communications. Here are some key reasons why knowledge of HTTP is valuable:

  • Foundation of Web Communication: HTTP is the protocol for data communication on the World Wide Web. Knowing how it works is important for understanding how websites and web applications function.
  • Web Development: For web developers, understanding HTTP is essential for designing and debugging web applications. It helps understand how browsers and servers communicate, how data is exchanged, and how to handle various HTTP requests and responses.
  • API Interaction: Many modern applications expose APIs (Application Programming Interfaces) that allow other software systems to communicate and interact. APIs rely on HTTP as the underlying protocol for data exchange. Knowing HTTP is important for working with APIs and integrating different systems. Understanding HTTP methods like GET, POST, PUT, and DELETE is important for interacting with these APIs.
  • Troubleshooting: When things go wrong with web applications or website access, understanding HTTP can help diagnose issues. Knowledge of status codes (e.g., 404 for page not found, 500 for server error) and headers can provide insights into what’s happening during communication.
  • Security: HTTP is essential in the context of web security. Knowing how HTTP works allows for a better understanding of secure data transmission (using HTTPS), potential vulnerabilities, and how to protect against common web attacks like Cross-Site Scripting (XSS) or Man-in-the-Middle (MitM) attacks.
  • Performance Optimization: Understanding HTTP can help in optimizing website performance. Techniques like caching, persistent connections (keep-alive), and efficient use of HTTP headers can significantly improve the speed and responsiveness of a website.
  • SEO Implications: HTTP status codes (like 404 for Not Found and 301 for Permanent Redirect) have search engine optimization (SEO) implications. Understanding these codes can help in optimizing websites for better search engine rankings.
  • Educational Value: For students and those new to the field of computer science and information technology, learning about HTTP is a fundamental step in understanding the larger concepts of internet architecture and web technologies.

Overall, HTTP is the backbone of web communication, and having a solid understanding of its workings is valuable for developers, web administrators, and users who want to navigate the online world effectively and securely.

How do the Browser and Server Communicate with each other?

HTTP is used for communication between the client and server. Let us understand what it means by client and server with an example.

Suppose you open the web browser, type the URL in the browser, and press the enter button. When you press the enter button, a request is going to the server (called a web server). Whatever data you send from the web browser to the web server is called a Request, and whatever data you receive from the web server is called a Response. This is how the browser and web server communicate with each other in the form of Requests and Responses. This type of communication is only possible by using HTTP Protocol. So, the request can be termed an HTTP Request, and the response can be called HTTP Response. For a better understanding, please have a look at the following image.

What is HTTP (Hypertext Transport Protocol)?

Browser is not the only client. For example, if you use a mobile application, your mobile is a client. If you call APIs using tools like Postman and Fiddler, then Postman and Fiddlers are also the clients.

HTTP Request Components:

HTTP (Hypertext Transfer Protocol) is the protocol used for communication between a client (such as a web browser) and a server (such as a web server) over the internet. The client makes an HTTP request to request a resource from the server, and the server responds with an HTTP response containing the requested resource or an error message.

When we send something from the client (browser, mobile, postman, fiddler, etc.) to the server (webserver), it is called a Request. The request is formed with a couple of components. They are as follows:

  1. URL: Each Request must have a unique URL.
  2. Verb (Method): Each Request must have an HTTP Verb. Examples include GET, POST, PUT, PATCH, DELETE, etc.
  3. Header(s): Each Request can contain one or more Headers.
  4. Body: Each request can have a body. The body contains the data that we want to send to the server.

HTTP Request Components

Start Line
  • Request Method: This specifies the action to be performed. Common methods include GET (retrieve data), POST (submit data for processing), PUT (update data), and DELETE (remove data), among others.
  • Request URI (Uniform Resource Identifier): The URI (usually a URL) identifies the specific resource on the server that the client wants to interact with.

Request Headers: Each HTTP Request can contain one or more Request Headers. The Request Header will be in the form of key-value pairs that provide additional information about the request. Some common headers include:

  • Host: Specifies the domain name of the server.
  • User-Agent: Identifies the client software initiating the request (e.g., the browser or application).
  • Accept:  Tells the server what content types the client can handle.
  • Content-Type:  When the request includes a body (like a POST, PUT, or PATCH request), this header indicates the media type of the body.
  • Authorization: Contains credentials for authentication purposes.
  • Cookie: Includes any cookies that the client has for this domain. This is used for state management.
  • Cache-Control: Directives for caching mechanisms in both requests and responses.

Request Body (Optional): The body of an HTTP request is optional and is used when sending additional data to the server, like in POST, PUT, or PATCH requests. It could contain data from a form submission, file uploads, or JSON/XML data in the case of API requests.

HTTP Response Components:

Whatever the client receives from the web server is called HTTP Response. The HTTP response contains the following components.

  1. HTTP Status Code: It must have a Status Code indicating the status of the HTTP Request. 200 Indicates successful, 500 indicates internal server error, 404 indicates resource not found, etc.
  2. Response Headers: It can have one or more response headers.
  3. Data: Response can have data, i.e., return to the client.

There are also other components. However, the above three components are important in an HTTP Response.

HTTP Response Components

Status Line: The first line of the HTTP response, which includes the following information:

  1. HTTP Version: Indicates the version of the HTTP protocol used (e.g., HTTP/1.1).
  2. Status Code: A three-digit number that indicates the outcome of the request. Common examples include 200 (OK), 404 (Not Found), and 500 (Internal Server Error).
  3. Status Text: A brief, human-readable phrase that provides a description of the status code (e.g., “OK”, “Not Found”).

Response Headers: Each HTTP Response can have one or more Response Headers. The Response Header will be in the form of key-value pairs that provide additional information about the response. Some common headers include:

  • Content-Type: Indicates the media type of the response body (e.g., text/html for HTML documents, application/json for JSON data, application/xml for XML data).
  • Content-Length: The length of the response body in bytes.
  • Cache-Control: Directives for caching mechanisms in both requests and responses.
  • Set-Cookie: Used to send cookies from the server to the user agent.
  • Server: Information about the software used by the origin server.
  • Date: The date and time at which the message was sent.

Response Body: This part contains the actual content of the response. The nature and format of the response body depend on the request and the server’s capabilities. It could be an HTML document, an image, JSON data, XML data, or plain text.

These components work together to facilitate communication between the client and the server as an HTTP request and response. The HTTP Request contains information the server needs to understand and fulfill the request, while the HTTP Response includes the requested resource or an error message for the client to process.

HTTP Verbs or HTTP Methods:

We have already discussed that each HTTP Request must have an HTTP Verb or Method. Let us understand what all HTTP Methods or Verbs are available.

HTTP verbs, also known as HTTP methods, are a set of standardized actions that can be performed on resources using the HTTP (Hypertext Transfer Protocol) protocol. Each HTTP request typically includes a verb/method to indicate the desired action to be taken. The following are some of the commonly used HTTP verbs:

GET HTTP Method:

The GET HTTP Method is used to Retrieve the Data. The HTTP GET method requests a representation of the specified resource. Requests using GET should only be used to request data (they shouldn’t include data). For example, you want to search for something like you want to get a list of employees, a list of products, you want to retrieve a book by ID, etc. So, whenever you expect some data from the server, you need to use GET HTTP Verb. So, it retrieves a representation of a resource without modifying it.

In the case of the HTTP GET Method, the Web API may be expecting some data from the client, but the main purpose of the GET method is to fetch or retrieve data from the server. If you want to implement some search functionality, then the Web API may expect some data to filter out the results. In this case, the clients need to send the data.

POST HTTP Method:

The HTTP POST request is used to make a new entry in the database. It is not only specific to a database; whenever you want to create a new resource in your application, you must use the POST method. It often results in the creation of a new resource. What does it mean to add a new Resource? It means if you want to add a new employee or a new product, the main concept is not the database; the main concept is adding a new resource.

PUT HTTP Method:

The HTTP PUT request is used to update all the properties of the current resource in the database. What does it mean? For example, we have a table called Product in our database. If we want to update all properties of a particular product, then we need to use PUT HTTP Request. So, you need to use the PUT Method whenever you want to update all the properties (columns) of a resource (existing record in the database). You cannot add a new resource using the PUT method.

PATCH HTTP Method:

In some situations, you don’t want to update all the properties of an existing resource; instead, you want to update a few of the properties of an existing resource; then, in that case, you need to use the PATCH method. So, the PATCH method is similar to the PUT method but is used to update a few resource properties. For example, if you want to update a few properties (columns) of an existing product, then you need to use the PATCH method. That means if your Product table contains 10 columns, and you want to update only four columns of an existing product, then you need to use the PATCH method. So, it applies partial modifications to a resource. 

DELETE HTTP Method:

The DELETE method is used to delete the resource from the database. It removes a specified resource. That means you are removing or deleting an existing entity from your database. In modern applications, we use two concepts for deletion. One is Soft Delete, and the other one is Hard Delete.

  1. Soft Delete: In your table, if you have some column like IsDeleted or IsActive or something similar to this and you want to update that column, then you cannot use the Delete Method. In that case, you need to use the PATCH method. This is because you are not deleting the record from the database; you are simply updating the record.
  2. Hard Delete: If you want to remove the existing entity from the table, then you need to use the DELETE method. For example, Delete an existing product from the Product table in the database, etc.

HTTP Status Codes:

The HTTP status code is also one of the important components of HTTP Response. The Status code is issued from the server, and they give information about the response. Whenever the client gets any response from the server, we must have one HTTP Status code in that HTTP Response.

Status codes are three-digit numbers that are returned by servers to provide information about the outcome of a request made by a client. These codes are grouped into different categories based on their first digit, which helps understand and troubleshoot the response. All the HTTP Status codes are divided into five categories. They are as follows. Here, XX will represent the actual number.

  1. 1XX: Informational Response (Example: 100, 101, 102, etc.). Status codes in the 1xx range indicate that the server has received the client’s request and is continuing the process. These codes are primarily used for informational purposes and do not typically require any action from the client.
  2. 2XX: Successful Response (Example. 200, 201, 203, 204, etc.). Whenever you get 2XX as the response code, it means the request is successful. Status codes in the 2xx range indicate that the server successfully received, understood, and accepted the client’s request. These codes typically indicate that the requested action was successfully completed.
  3. 3XX: Redirection Response (Example. 301, 302, 304, etc.). Whenever you get 3XX as the response code, it means it is re-directional, i.e., some re-directional is happening on the server.  Status codes in the 3xx range indicate that the client needs further action to complete the request. These codes are used when a resource has been moved or is temporarily unavailable, and the client needs to take additional steps to access the resource.
  4. 4XX: Client Error Response (Example: 400, 401, 404, 405, etc.). Whenever you get 4XX as the response code, it means there is some problem with your request.  Status codes in the 4xx range indicate that the client’s request was unsuccessful due to an error on the client’s side. These codes are often associated with issues such as invalid requests, unauthorized access, or missing resources.
  5. 5XX: Server Error Response (Example: 500, 502, 503, 504, etc.). Whenever you get 5XX as the response code, it means there is some problem in the server. Status codes in the 5xx range indicate that the server encountered an error while processing the client’s request. These codes are typically associated with issues on the server side, indicating that the requested action could not be completed due to server-related problems.
Frequently used HTTP Status Codes:

In Web API development, HTTP status codes are an essential part of the response sent by the server to indicate the outcome of a client’s request. Here are some of the frequently used HTTP status codes in Web APIs:

  1. 100: 100 means Continue. The HTTP 100 Continue informational status response code indicates that everything so far is OK and that the client should continue with the request or ignore it if it is already finished.
  2. 200: 200 means OK. The HTTP 200 OK success status response code indicates that the request has been successfully processed, and the server is returning the requested resource in the response body. If you are searching for some data and you got the data properly. That means the request is successful; in that case, you will get 200 OK as the HTTP status code.
  3. 201: 201 means a new resource created. The HTTP 201 Created success status response code indicates that the request has succeeded and led to the creation of a resource. If you are successfully adding a new resource by using the HTTP Post method, then in that case, you will get 201 as the Status code. That means this status code is typically used to indicate that a new resource has been successfully created. The URI of the newly created resource is often included in the response headers under the Location header field
  4. 204: 204 means No Content. The HTTP 204 No Content success status response code indicates that a request has succeeded but is not returning any content to the client. That means this status code indicates that the server has successfully processed the request but has no content to return in the response body. It is commonly used for requests that perform actions like updates or deletions.
  5. 301: 301 means Moved Permanently. If you are getting 301 as a status response code from the server, it means the resource you are looking for is moved permanently to the URL given by the Location headers.
  6. 302: 302 means Found. If you are getting 302 as a status response code from the server, it means the resource you are looking for is moved temporarily to the URL given by the Location headers.
  7. 400: 400 means Bad Request. If you are getting 400 as the status code from the server, then the issue is with the client’s request. Suppose the request contains wrong data, such as malformed request syntax, invalid request message, missing required parameters, and invalid data. In that case, you will get this 400 Bad Request status code. That means this status code indicates that the server cannot process the request due to client error.
  8. 401: 401 means Unauthorized. If you are trying to access the resource you don’t have access to (Invalid Authentication Credentials), you will get a 401 unauthorized status code from the server. That means this status code indicates that the request requires authentication, and the client needs to provide valid credentials (such as a username and password) to access the requested resource.
  9. 403: 403  means Forbidden: This status code is similar to 401, but it indicates that the client is authenticated but has insufficient permissions to access the requested resource.
  10. 404: 404 means Not Found. If you are looking for a resource that does not exist, then you will get this 404 Not Found status code from the server. Links that lead to a 404 page are often called broken or dead links. That means this status code is used when the server cannot find the requested resource. It indicates that the URI is not recognized or the resource does not exist.
  11. 405: 405 means Method Not Allowed. The 405 Method Not Allowed response status code indicates that the server knows the request method but is not supported by the target resource. For example, we have one method, which is a POST method, in the server, and we are trying to access that method from the client using GET Verb; then, in that case, you will get a 405 status code.
  12. 500: 500 means Internal Server Error. If there is some error in the server, then you will get a 500 Internal Server Error Response status code. That means this status code indicates an unexpected error occurred on the server while processing the request. It is a generic error response for situations where the server cannot provide a more specific error message.
  13. 503: 503 means Service Unavailable. The 503 Service Unavailable server error response code indicates that the server is not ready to handle the request. If the server is down for maintenance or overloaded, then you will get the 503 Service Unavailable Status code. That means this status code is used when the server is temporarily unable to handle the request due to being overloaded or undergoing maintenance. It implies that the client should try again later
  14. 504: 504 means Gateway Timeout. The 504 Gateway Timeout server error response code indicates that the server while acting as a gateway or proxy, did not get a response in time from the upstream server needed to complete the request.
HTTP Versions

HTTP (Hypertext Transfer Protocol) has evolved through several versions, each introducing significant improvements over its predecessors. Here’s an overview of the major HTTP versions:

HTTP/0.9 (1991):
  • The first version of HTTP, extremely simple.
  • Only supported GET requests.
  • There were no headers or metadata, just a single-line request, and the response was purely HTML.
HTTP/1.0 (1996):
  • Introduced in RFC 1945.
  • Added support for HTTP headers, allowing for metadata about the request and response.
  • Introduced new methods like POST and HEAD.
  • Supported status codes to indicate the success or failure of a request.
HTTP/1.1 (1997):
  • Specified in RFC 2068, later revised in RFC 2616.
  • Introduced persistent connections, allowing for multiple requests and responses over a single TCP connection.
  • Added chunked transfer encoding, allowing the server to send a response in parts as they become available.
  • Additional request methods like OPTIONS, PUT, DELETE, TRACE, and CONNECT were introduced.
  • Host headers were introduced to allow multiple domains to be hosted at a single IP address.
HTTP/2 (2015):
  • Standardized in RFC 7540.
  • A major revision that introduced binary framing, a departure from the text-based format of earlier versions.
  • Supports multiplexing, allowing multiple requests and responses to be in flight simultaneously over a single TCP connection.
  • Introduced header compression to reduce overhead.
HTTP/3 (2019):
  • Still in the process of standardization as of my last update in April 2023.
  • Based on QUIC, a transport layer network protocol developed by Google.
  • QUIC operates over UDP (User Datagram Protocol) instead of TCP, aiming to improve performance and reduce latency.
  • Includes built-in features for security and congestion control.

Each new version of HTTP has been designed to improve performance, security, and the overall efficiency of data transmission on the web. While HTTP/1.1 remains widely used, HTTP/2 and HTTP/3 provide significant advancements, particularly in terms of speed and efficiency, which are increasingly important in the modern, high-traffic web environment.

In the next article, I will discuss the Environment Setup Required for Developing ASP.NET Core Web API Applications. In this article, I try to explain HTTP (HyperText Transport Protocol) Protocols, i.e., HTTP Requests and Responses. What are HTTP Verbs and some commonly used HTTP Status Codes? And I hope you enjoy this HyperText Transport Protocol article.

4 thoughts on “HTTP (HyperText Transport Protocol)”

  1. Thank you so much for these resources. I am currently trying to get back into the ASP.NET domain so you have no idea how helpful these are. I’ve never delved into Web APIs so I’m starting with .NET Core Web APIs is that ok? Or should I start with the other Web API tutorial on this website?

  2. Hi,

    It would be nice to clarify GET Method. where it says “Requests using GET should only be used to request data (they shouldn’t include data)” then later it says

    “If you want to implement some kind of search functionality then the Web API may expect some data to filter out the results. In this case, the clients need to send the data.”

    so please, you might want to rephrase it to avoid confusion…

    reuben

Leave a Reply

Your email address will not be published. Required fields are marked *