Why HTTP Finally Gets the Long‑Awaited QUERY Method
The IETF’s new RFC 10008 defines a QUERY HTTP method that combines GET’s safety and idempotence with POST’s ability to carry large request bodies, offering a standardized way for API designers to send complex, read‑only queries without the limitations of URL‑encoded parameters.
Background and Motivation
The HTTP ecosystem historically offered only two imperfect options for read‑only operations with payloads: GET, which is safe, idempotent, and cacheable but limited by URL length and logging concerns, and POST, which supports large bodies but lacks safety, idempotence, and reliable caching.
Introducing the QUERY Method
IETF released RFC 10008, standardising a new method named QUERY. It inherits safety, idempotence, and cacheability from GET while allowing a request body like POST, thus solving the fundamental problems of both methods.
QUERY /users HTTP/1.1
Host: example.org
Content-Type: application/json
{
"role": "admin",
"sort": "name",
"page": 1
}Unlike GET, the payload is sent in the body, avoiding URL length limits and making complex filter objects readable. Unlike POST, the method is explicitly defined as safe and idempotent, enabling caches and middleware to treat it like GET.
Comparison with Existing Methods
GET : safe, idempotent, cacheable; no request body (undefined behavior).
POST : supports body; not safe, limited cacheability, not reliably idempotent.
QUERY : safe, idempotent, cacheable; supports request body.
Accept‑Query Header
Servers can advertise supported query payload formats via the Accept-Query response header, e.g.:
Accept-Query: application/x-www-form-urlencoded, application/sqlClients may first issue an OPTIONS or HEAD request to discover support before sending the full QUERY request.
Response Handling and Result Retrieval
Responses can include Content-Location to point to a permanent result resource and Location for the stored query itself, enabling clients to retrieve results later without resending the body. Redirect status 303 See Other can be used when the server wants the client to fetch a pre‑generated high‑cost query result.
Relation to GraphQL
Most GraphQL APIs currently use POST because long query strings do not fit in URLs. The QUERY method removes this workaround by allowing the full GraphQL query in the body while preserving safe, idempotent semantics at the protocol level.
Name and History
Early drafts used the keyword “SEARCH”; the HTTP working group eventually chose “QUERY” because it maps to the URI query component and describes a generic read‑only operation rather than a specific search use case. Alternatives such as “PROPFIND” and “REPORT” originated from WebDAV.
Specification Status
RFC 10008, authored by J. Reschke (greenbytes), J.M. Snell (Cloudflare), and M. Bishop (Akamai), was published as a proposed standard in June 2026. The involvement of major CDN providers suggests early support at the edge, and developers are encouraged to watch for implementations in curl, browsers’ fetch(), and server frameworks.
Use Cases
QUERY is positioned as the HTTP analogue of PATCH for complex filtering payloads, report generators, analytics dashboards, and AI‑driven search endpoints, offering a standards‑based solution that many consider the most important HTTP addition in years.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
21CTO
21CTO (21CTO.com) offers developers community, training, and services, making it your go‑to learning and service platform.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.
