Why HTTP Finally Gets the Long‑Awaited QUERY Method

The IETF’s new RFC 10008 defines a QUERY HTTP method that combines GET’s safety and idempotence with POST’s ability to carry large request bodies, offering a standardized way for API designers to send complex, read‑only queries without the limitations of URL‑encoded parameters.

21CTO
21CTO
21CTO
Why HTTP Finally Gets the Long‑Awaited QUERY Method

Background and Motivation

The HTTP ecosystem historically offered only two imperfect options for read‑only operations with payloads: GET, which is safe, idempotent, and cacheable but limited by URL length and logging concerns, and POST, which supports large bodies but lacks safety, idempotence, and reliable caching.

Introducing the QUERY Method

IETF released RFC 10008, standardising a new method named QUERY. It inherits safety, idempotence, and cacheability from GET while allowing a request body like POST, thus solving the fundamental problems of both methods.

QUERY /users HTTP/1.1
Host: example.org
Content-Type: application/json
{
  "role": "admin",
  "sort": "name",
  "page": 1
}

Unlike GET, the payload is sent in the body, avoiding URL length limits and making complex filter objects readable. Unlike POST, the method is explicitly defined as safe and idempotent, enabling caches and middleware to treat it like GET.

Comparison with Existing Methods

GET : safe, idempotent, cacheable; no request body (undefined behavior).

POST : supports body; not safe, limited cacheability, not reliably idempotent.

QUERY : safe, idempotent, cacheable; supports request body.

Accept‑Query Header

Servers can advertise supported query payload formats via the Accept-Query response header, e.g.:

Accept-Query: application/x-www-form-urlencoded, application/sql

Clients may first issue an OPTIONS or HEAD request to discover support before sending the full QUERY request.

Response Handling and Result Retrieval

Responses can include Content-Location to point to a permanent result resource and Location for the stored query itself, enabling clients to retrieve results later without resending the body. Redirect status 303 See Other can be used when the server wants the client to fetch a pre‑generated high‑cost query result.

Relation to GraphQL

Most GraphQL APIs currently use POST because long query strings do not fit in URLs. The QUERY method removes this workaround by allowing the full GraphQL query in the body while preserving safe, idempotent semantics at the protocol level.

Name and History

Early drafts used the keyword “SEARCH”; the HTTP working group eventually chose “QUERY” because it maps to the URI query component and describes a generic read‑only operation rather than a specific search use case. Alternatives such as “PROPFIND” and “REPORT” originated from WebDAV.

Specification Status

RFC 10008, authored by J. Reschke (greenbytes), J.M. Snell (Cloudflare), and M. Bishop (Akamai), was published as a proposed standard in June 2026. The involvement of major CDN providers suggests early support at the edge, and developers are encouraged to watch for implementations in curl, browsers’ fetch(), and server frameworks.

Use Cases

QUERY is positioned as the HTTP analogue of PATCH for complex filtering payloads, report generators, analytics dashboards, and AI‑driven search endpoints, offering a standards‑based solution that many consider the most important HTTP addition in years.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

HTTPGraphQLprotocol designWeb APIsGET vs POSTQUERY methodRFC 10008
21CTO
Written by

21CTO

21CTO (21CTO.com) offers developers community, training, and services, making it your go‑to learning and service platform.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.