Skip to main content

"Dushnylo" Series: The Trouble with GET: Real-World REST API Challenges

Have you ever seen a fully implemented, truly and absolutely by-the-books REST API? With all the correct HTTP methods, status codes, and the perfect design?
No? Me neither. And you might ask — why not? After all, it's supposed to be easy, right?

Well, yes — technically, it is easy. But in real life, you always run into edge cases.

Let’s take a simple example. According to REST principles, if you want to retrieve data, you should use the GET method. Simple and elegant, and documented everywhere. But then the question arises: how do you pass parameters in a GET request?

Answer: via URL path or query parameters.

But as you already know, there’s a limit to how much you can fit into a URL — usually around 2048 characters. That’s fine for small, basic queries. But what about advanced searches? You want to pass dozens of filters, custom ordering, maybe even a list of IDs to fetch. Sometimes it’s a list of GUIDs — and not just one or two, but hundreds.

In these cases, GET simply doesn’t work. The URL becomes too long and breaks. So what’s the alternative?

The common solution is to switch to a POST request. It works perfectly — you can pass a large JSON body with all your parameters.
But wait… according to REST, POST is for creating data, not retrieving it.

So now you're stuck:

  • You can't use GET because of technical limitations.

  • You shouldn’t use POST because it goes against the philosophy of REST.

What now?

This is one of those grey zones where you have to balance between theory and practicality. In my experience, I’ve had to use POST for advanced search endpoints. I’ve seen APIs that even created a special route like /search or /query and used POST there — clearly breaking REST rules, but solving real-world problems.

If you’ve faced this too, I’d love to hear how you handled it.
Do you break the rules for the sake of usability? Or do you find creative workarounds to stay within REST boundaries?

Share your thoughts and use cases — let’s talk about the real REST API, not just the one in textbooks.

Labels:

Comments

Post a Comment

Popular posts from this blog

Why Microsoft Azure Well-Architected Framework Can Improve Architecture

Small and medium-sized businesses often face a common challenge: the absence of experienced cloud engineers. Due to limited resources, teams typically choose the quickest path—getting things done in the easiest, fastest way. Unfortunately, this approach often leads to solutions that aren't secure, cost too much, and become nearly impossible to extend or manage effectively. Recognizing this critical challenge, Microsoft Azure has developed the Well-Architected Framework. This comprehensive set of guidelines and best practices helps businesses assess their existing solutions and guides them toward building robust, secure, cost-effective, and manageable cloud infrastructures from the start. The Azure Well-Architected Framework is structured around five essential pillars: Cost Optimization : Ensuring that cloud resources are used efficiently and effectively, reducing unnecessary expenses. Operational Excellence : Focusing on the ability to run and monitor systems effectively, ensuring ...
2 comments
Read more

"Dushnylo" Series: Monolith First approach.

I keep hearing, “You MUST start with a monolith.” Every new project? Always? When I hear that, two thoughts immediately come to mind:      1️⃣ “It depends.” You can’t just blindly say every project must start as a monolith.      2️⃣ My inner Dushnylo whispers: “Time to make a post about this.” So, here’s my take: I disagree. Not only do I disagree, but I believe the most critical and dangerous part of system design is analyzing and understanding business needs before making architectural decisions. Why? Simple. Imagine you’re building a streaming platform that processes massive amounts of data, handles notifications, and integrates with third-party services. Does this sound like something you’d build as a pure monolith? Of course not. But I do agree on one thing—you have to start somewhere. That starting point could be a simple core application —yes, it might look like a monolith at first. But you’re not designing the entire system as a monolith. ...
Post a Comment
Read more

First Look at Cerbos: A Solution for Dynamic Role & Permission Management

Introduce My next post is about tools for managing roles and dynamically controlling access to resources. Some business requirements demand extreme flexibility, often requiring a combination of RBAC + ABAC at the same time. From my experience, I’ve seen a lot of solutions, but most don’t cover all the key points. There are three circles that are really hard to combine: Performance, Security, and Flexibility . And when someone tries to implement all three—oh, it’s painful. But I found a technology that (almost) solves this challenge: Cerbos —a scalable, open-source authorization layer for handling roles and permissions. ( Cerbos site ) Why is it good? ✅ Centralized configuration – Everything is managed in one place. ✅ Easy integration – SDKs are available for all popular languages:     ðŸ”¹ .NET, Go, Java, JS, PHP, Python, Ruby, Rust ✅ Great documentation – Clear examples and guidance. ✅ Playground for testing – No need to run an app or set up tools. Just te...
Post a Comment
Read more