HTTP methods tell the server WHAT you want to do. Think of them as verbs. GET means "show me." POST means "create this." PUT means "update this." DELETE means "remove this." Every API call starts with a method.

| Method | Purpose | Has Body? | Safe? | Idempotent? |
|---|---|---|---|---|
| GET | Read/retrieve data | No | Yes | Yes |
| POST | Create new resource | Yes | No | No |
| PUT | Replace entire resource | Yes | No | Yes |
| PATCH | Update part of a resource | Yes | No | Yes |
| DELETE | Remove a resource | No | No | Yes |

Safe means the call doesn't change anything on the server. GET is safe — it only reads. Idempotent means calling it 10 times has the same effect as calling it once. PUT is idempotent — updating name to "Priya" ten times still results in "Priya." POST is NOT idempotent — calling it 10 times creates 10 records.
```
# GET — Fetch all accounts for a user
GET /api/banking/accounts
Response: [{ "id": "ACC-001", "type": "savings", "balance": 45000 }]

# GET — Fetch a specific account
GET /api/banking/accounts/ACC-001
Response: { "id": "ACC-001", "type": "savings", "balance": 45000 }

# POST — Transfer money (creates a new transaction)
POST /api/banking/transfer
Body: { "from": "ACC-001", "to": "ACC-002", "amount": 5000 }
Response: { "transactionId": "TXN-789", "status": "success" }

# PUT — Update account holder details (full replace)
PUT /api/banking/accounts/ACC-001/holder
Body: { "name": "Priya Sharma", "phone": "9876543210", "email": "priya@example.com" }
Response: { "message": "Account holder updated" }

# PATCH — Update just the phone number
PATCH /api/banking/accounts/ACC-001/holder
Body: { "phone": "9123456789" }
Response: { "message": "Phone number updated" }

# DELETE — Close an account
DELETE /api/banking/accounts/ACC-003
Response: { "message": "Account closed" }
```

This confuses everyone. Here's the simple rule.
```
// Current user data on server:
{ "name": "Priya", "phone": "9876543210", "email": "priya@example.com" }

// PUT request (only sends name and email, forgets phone):
PUT /users/1
{ "name": "Priya Sharma", "email": "priya.new@example.com" }
// Result: { "name": "Priya Sharma", "phone": null, "email": "priya.new@example.com" }
// Phone is GONE because PUT replaces the entire object!

// PATCH request (sends only what changed):
PATCH /users/1
{ "email": "priya.new@example.com" }
// Result: { "name": "Priya", "phone": "9876543210", "email": "priya.new@example.com" }
// Phone is safe. PATCH only touches what you send.
```

This is a common API bug. A developer uses PUT, but the frontend sends only the changed fields. Suddenly, the other fields become null. As a tester, always verify that unchanged fields survive a PUT request. This catches real bugs.
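The tester's check described above, combined with the idempotency definition from earlier, as an added example that is not code from the original page. `FakeUserApi`, `lost_fields` and `is_idempotent` are hypothetical names, and the in-memory model is an assumption standing in for a real server that follows the replace/merge/create semantics this page describes.

```python
import copy

# Constructed sample data: the /users/1 record used in the text above.
FIELDS = ("name", "phone", "email")
SEED = {"name": "Priya", "phone": "9876543210", "email": "priya@example.com"}


class FakeUserApi:
    """Hypothetical in-memory server: PUT replaces, PATCH merges, POST appends."""

    def __init__(self):
        self.user = dict(SEED)
        self.orders = []

    def call(self, method, body=None):
        if method == "PUT":  # full replace: fields missing from the body become None
            self.user = {f: body.get(f) for f in FIELDS}
        elif method == "PATCH":  # partial update: only the supplied fields change
            self.user.update(body)
        elif method == "POST":  # creates one more record on every call
            self.orders.append(dict(body))
        elif method != "GET":  # GET falls through and only reads
            raise ValueError(f"unsupported method: {method}")
        return dict(self.user)


def lost_fields(method, body):
    """Fields that held a value before the call and are None afterwards."""
    api = FakeUserApi()
    before = api.call("GET")
    after = api.call(method, body)
    return sorted(f for f in FIELDS if before[f] is not None and after[f] is None)


def is_idempotent(method, body, repeats=10):
    """True if repeating the call leaves the same server state as calling once."""
    api = FakeUserApi()
    api.call(method, body)
    once = copy.deepcopy((api.user, api.orders))
    for _ in range(repeats - 1):
        api.call(method, body)
    return (api.user, api.orders) == once


if __name__ == "__main__":
    partial = {"name": "Priya Sharma", "email": "priya.new@example.com"}
    print("PUT lost:", lost_fields("PUT", partial))
    print("POST idempotent:", is_idempotent("POST", partial))
```

Against a real API, the same two checks apply: read the resource, send the request, read it again, and compare the fields you did not send.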
Need to READ data? Use GET. Never send a body with GET.
Need to CREATE something new? Use POST. Always send a body.
Need to UPDATE everything about a resource? Use PUT. Send the full object.
Need to UPDATE just one or two fields? Use PATCH. Send only changed fields.
Need to REMOVE a resource? Use DELETE. Usually no body needed.
Q: What is the difference between PUT and PATCH?
A: PUT replaces the entire resource — you must send all fields, and missing fields get nulled. PATCH updates only the fields you send — everything else stays untouched. Example: if a user has name, phone, email and you PUT with only name and email, phone becomes null. With PATCH, phone stays as-is. Most real-world apps use PATCH for updates because it's safer.
Q: What does idempotent mean?
A: An idempotent operation produces the same result whether you call it once or a hundred times. GET is idempotent — reading data 100 times doesn't change it. PUT is idempotent — setting name to "Priya" 100 times still results in "Priya." POST is NOT idempotent — calling POST /orders 10 times creates 10 orders. This matters for retry logic — it's safe to retry GET and PUT, but not POST.
Key Point: GET reads, POST creates, PUT replaces, PATCH updates partially, DELETE removes. Know the difference — interviewers will ask.