python - API call whether to do a POST or GET -
for fetching info recommended utilize get , submitting form, post. how next function, 'checks out' item:
@validate_credentials @csrf_exempt @acceptable_methods(???) def cue_checkout(request, cue_id, user=none, checkout=true): cue = cue.objects.filter(pk=cue_id, user=user) if not cue.exists(): homecoming httpresponseforbidden('invalid cue supplied.') cue = cue[0] cueassignment.objects.create(cue=cue, user=user, checkout_timestamp=timezone.now()) homecoming httpresponse() i'm thinking since we're modifying info should post, please explain right method here , why?
the w3 specifies 2 terms used describe http methods.
the first "safe" meaning not mutate info resources on server.
the sec "idempotent", meaning results of request should same long state of info resource has not changed (independent of idempotent request).
because creating objects on server, should using post, get defined safe , idempotent action. post meanwhile neither safe nor idempotent (since may reject creation of object due constraints). moreover, should enforcing csrf_protection avoid re-use of session cookies maintaining user's permissions freely used create objects.
there's nice, quick table here utilize quick reference mutual methods.
python rest http
No comments:
Post a Comment