Skip to main content

Command Palette

Search for a command to run...

The New HTTP QUERY Method: The Missing Piece Between GET and POST

Updated
6 min readView as Markdown
S

Technology Enthusiast and voracious reader with a demonstrated history of working in the computer software industry. Skilled in PHP, JavaScript, NodeJS, Angular, MySQL, MongoDB, Web3, Product Development, Project Management, and Teamwork.

For decades, API developers have faced a frustrating dilemma:

  • GET is the correct HTTP method for retrieving data, but it doesn't officially support a request body and has practical URL length limitations.

  • POST allows sending complex request bodies but semantically represents an unsafe operation, even when the request is only fetching data.

To solve this long-standing problem, the IETF introduced a new HTTP method called QUERY. It is designed specifically for safe, idempotent read operations that require a request body. Initially proposed as an Internet-Draft, it has since been standardized as RFC 10008. (RFC Editor)


Why Was QUERY Needed?

Modern applications rarely perform simple searches.

Today's APIs often require:

  • Complex filtering

  • Nested objects

  • Arrays of values

  • Date ranges

  • Geospatial filters

  • GraphQL queries

  • SQL-like expressions

  • Analytics requests

  • Full-text search configurations

Trying to encode these into a GET URL quickly becomes problematic.

Example:

GET /products?
category=electronics&
priceMin=100&
priceMax=500&
brands=Apple,Sony,Samsung&
rating=4&
sort=price&
availability=true&
warehouse=US&
color=black&
...

Eventually:

  • URLs become thousands of characters long.

  • Some browsers, proxies, gateways, and servers impose URL length limits.

  • Nested JSON structures become impossible to represent cleanly.

Many developers therefore switched to POST:

POST /products/search

{
    "category":"electronics",
    "price":{
        "min":100,
        "max":500
    },
    "brands":[
        "Apple",
        "Sony"
    ]
}

The problem?

Although the endpoint only retrieves data, POST communicates that the request may modify server state, which limits caching and automatic retries. (HTTP.DEV)


Enter HTTP QUERY

The new HTTP method is simply:

QUERY

Conceptually it behaves like:

"GET with a request body."

It allows clients to send structured query data inside the request body while preserving the semantics of a read-only operation.

Example:

QUERY /products

Content-Type: application/json

{
    "category":"electronics",
    "price":{
        "min":100,
        "max":500
    },
    "brands":[
        "Apple",
        "Sony"
    ],
    "sort":"price"
}

Core Characteristics

1. Safe

QUERY must not modify server state.

Like GET:

  • Searching

  • Filtering

  • Reading

  • Aggregating

  • Analytics

are valid.

Invalid examples:

  • Creating users

  • Updating products

  • Deleting records


2. Idempotent

Sending the exact same QUERY multiple times should produce the same logical effect.

QUERY
QUERY
QUERY

No matter how many times it is repeated:

  • No duplicate records

  • No extra inserts

  • No unintended updates

This makes QUERY safe for retries after transient network failures. (RFC Editor)


3. Supports Request Body

This is the biggest feature.

Unlike GET:

GET /search?q=phone

QUERY supports:

QUERY /search

{
    "keyword":"phone",
    "filters":{
        "price":{
            "min":100
        }
    }
}

The request body can be:

  • JSON

  • XML

  • SQL

  • GraphQL

  • Protocol Buffers

  • CBOR

  • Any media type the server supports


GET vs POST vs QUERY

Feature GET POST QUERY
Retrieves data
Request body Not defined by HTTP semantics
Safe
Idempotent
Cacheable Limited
Retry friendly Risky
Complex payload

QUERY effectively fills the gap between GET and POST. (HTTP.DEV)


Example: Product Search

GET

GET /products?
category=laptop&
brand=Apple&
ram=16&
storage=512&
priceMin=500&
priceMax=1500

Readable, but increasingly unwieldy as filters grow.


POST

POST /products/search

{
    "category":"Laptop",
    "brand":"Apple",
    "ram":16,
    "storage":512
}

Works technically, but semantically uses a method intended for potentially state-changing operations.


QUERY

QUERY /products

{
    "category":"Laptop",
    "brand":"Apple",
    "ram":16,
    "storage":512
}

This expresses the intent clearly: a read-only query with structured input.


GraphQL Benefits

Many GraphQL servers use POST:

POST /graphql

{
    "query":"..."
}

Even though GraphQL queries are read-only.

With QUERY:

QUERY /graphql

{
    "query":"..."
}

The HTTP method now matches the operation's semantics. (HTTP.DEV)


Analytics APIs

Current approach:

POST /analytics/report

Payload:

{
    "startDate":"2026-01-01",
    "endDate":"2026-06-30",
    "dimensions":[
        "country",
        "browser"
    ],
    "metrics":[
        "users",
        "sessions"
    ]
}

This is a read-only operation and is a natural fit for QUERY instead.


Elasticsearch-Style Searches

Many search engines already use POST for searches:

POST /_search

QUERY provides a standardized alternative:

QUERY /_search

SQL Queries

Instead of:

POST /database/query

You could use:

QUERY /database

Body:

SELECT *
FROM users
WHERE country='India'

This clearly indicates a read-only query.


Caching

One of the biggest advantages is that QUERY responses can be cached, provided the implementation accounts for the request body as part of the cache key. (Kreya)

For expensive queries:

QUERY /analytics

the first response can be stored and reused for identical requests.


Automatic Retries

If a network interruption occurs:

Client
   |
QUERY
   |
Network timeout

The client can safely retry because QUERY is idempotent.

Retrying POST is often unsafe because it may create duplicate side effects.


Content Negotiation

QUERY works with standard HTTP headers:

Content-Type: application/json
Accept: application/json

Or:

Content-Type: application/sql
Accept: text/csv

The response format remains flexible, just like with other HTTP methods.


Typical Response

HTTP/1.1 200 OK

Content-Type: application/json

{
    "items":[]
}

Or:

HTTP/1.1 303 See Other

Location: /queries/12345

Servers may also expose a stable URI for a stored query result when appropriate. (RFC Editor)


Practical Use Cases

QUERY is especially well-suited for:

  • Advanced search APIs

  • Product filtering

  • E-commerce catalogs

  • BI dashboards

  • Reporting systems

  • Analytics platforms

  • GraphQL query execution

  • Search engines

  • SQL-over-HTTP

  • AI retrieval APIs

  • Log exploration

  • Time-series data queries

  • Elasticsearch/OpenSearch-style endpoints

  • Vector search and semantic search


Adoption Status

The QUERY method is now defined in RFC 10008, but ecosystem support is still emerging. Many HTTP clients, frameworks, proxies, API gateways, and cloud platforms have mature support for GET and POST, while QUERY may require updates before it works end-to-end everywhere. In practice, many public APIs will continue using POST for complex read operations until tooling catches up. (RFC Editor)


Should You Use QUERY Today?

If you control both the client and server and your infrastructure supports custom HTTP methods, QUERY provides a cleaner, standards-based way to model complex read-only operations.

For public APIs intended to work with the broadest range of existing clients, proxies, and gateways, POST remains the most interoperable choice for now, despite its semantic drawbacks.

As support for RFC 10008 expands across web frameworks and infrastructure, QUERY has the potential to become the preferred method for complex, read-only API requests that need a request body.