HTTP POST Method Explained with Examples
The HTTP POST method is used to send data to the server, typically to create a new resource. It is one of the most important and frequently used methods in web forms, APIs, authentication systems, and data-submission workflows.
POST requests can include a request body, making them ideal for sending structured data like JSON, form data, files, images, and login credentials.
What is the POST Method?
The POST method is designed to submit data to a server.
It is:
- Not safe → It can change server state
- Not idempotent → Repeating the request may create duplicates
- Allows a request body → JSON, XML, Form Data, Files
- Not cacheable by default
POST is primarily used for creating new resources.
Basic POST Request Example
Request
POST /api/users HTTP/1.1
Content-Type: application/json
Body:
{
  "name": "Rohan",
  "email": "rohan@example.com",
  "password": "mypassword"
}
Response (201 Created)
{
  "id": 45,
  "message": "User created successfully"
}
The server creates a new user and returns a confirmation.
POST Request with Form Data (HTML Example)
HTML forms commonly use POST:
<form action="/contact" method="POST">
  <input type="text" name="name">
  <input type="email" name="email">
  <textarea name="message"></textarea>
  <button type="submit">Send</button>
</form>
Browser sends:
POST /contact
Content-Type: application/x-www-form-urlencoded
Body:
name=Riya&email=riya%40mail.com&message=Hello
POST Request for Login (Sensitive Data Example)
POST /auth/login
Content-Type: application/json
Body:
{
  "email": "test@gmail.com",
  "password": "secret123"
}
The server validates credentials and returns a token:
{
  "token": "eyJhbGciOiJIUzI1NiIsIn..."
}
POST is correct here because login involves sensitive data, and the credentials travel in the request body instead of the URL.
POST for File Upload
When uploading files, browsers use multipart/form-data.
POST /upload
Content-Type: multipart/form-data; boundary=xyz
Body Contains:
- File binary
- Metadata
- Form fields
Use case examples:
- Uploading profile photos
- Uploading documents (PDF, Word, Images)
- Uploading videos
POST for Creating Blog Posts or Records
POST /api/blogs
Content-Type: application/json
Body:
{
  "title": "Understanding APIs",
  "content": "APIs allow communication between systems..."
}
Response:
{
  "id": 901,
  "status": "Blog created"
}
When to Use POST
POST is appropriate when:
✔ 1. Creating a resource
- Create user
- Create order
- Add product
- Submit form
✔ 2. Authentication & Sign-in
POST keeps passwords out of URLs. The body is only protected in transit when the request is sent over HTTPS.
✔ 3. Uploading files or images
POST supports binary bodies.
✔ 4. Sending large amounts of data
Request bodies are not subject to the length limits that apply to URLs.
✔ 5. Triggering server actions
- Running reports
- Sending emails
- Processing payments
When NOT to Use POST
Avoid POST for:
❌ Fetching data
Use GET instead.
❌ Idempotent update operations
Use PUT or PATCH.
❌ Bookmarkable or shareable URLs
POST cannot be bookmarked.
POST vs PUT vs PATCH
| Feature | POST | PUT | PATCH |
|---|---|---|---|
| Creates new resource | ✔ Yes | ❌ No | ❌ No |
| Updates entire resource | ❌ No | ✔ Yes | ❌ No |
| Partial update | ❌ No | ❌ No | ✔ Yes |
| Idempotent | ❌ No | ✔ Yes | ❌ No |
| Body allowed | ✔ Yes | ✔ Yes | ✔ Yes |
Why POST is Not Idempotent
If you send the same POST request twice:
- 2 users may be created
- 2 orders may be placed
- 2 messages may be sent
Each request can create a new entry, which is why you must handle duplicate prevention in backend logic.
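One way to handle the duplicate prevention mentioned above, as an added example (not code from the original article): a create-user handler that deduplicates retries with a client-supplied key. The `Idempotency-Key` header name, the `CreateUserHandler` class and the in-memory store are assumptions for illustration; a real backend would keep the keys in a shared store with an expiry.

```python
import hashlib
import json


class CreateUserHandler:
    """Hypothetical in-memory handler for POST /api/users that deduplicates retries."""

    def __init__(self):
        self._users = {}    # user id -> stored record
        self._seen = {}     # idempotency key -> (body fingerprint, status, response)
        self._next_id = 1

    @staticmethod
    def _fingerprint(body):
        # Hash a canonical form of the body so the raw payload is not retained.
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

    def post(self, headers, body):
        key = headers.get("Idempotency-Key")  # assumed header name (common convention)
        if not key:
            return 400, {"error": "Idempotency-Key header is required"}
        fingerprint = self._fingerprint(body)
        if key in self._seen:
            saved_fp, status, response = self._seen[key]
            if saved_fp != fingerprint:
                # Same key, different payload: refuse rather than guess intent.
                return 422, {"error": "Idempotency-Key reused with a different body"}
            return status, response  # replay the first result, create nothing
        user_id = self._next_id
        self._next_id += 1
        # Password handling (hashing, storage) is out of scope for this sketch.
        self._users[user_id] = {"name": body["name"], "email": body["email"]}
        response = {"id": user_id, "message": "User created successfully"}
        self._seen[key] = (fingerprint, 201, response)
        return 201, response

    def user_count(self):
        return len(self._users)


if __name__ == "__main__":
    handler = CreateUserHandler()
    # Constructed sample body, matching the article's signup example.
    body = {"name": "Rohan", "email": "rohan@example.com", "password": "mypassword"}
    print(handler.post({"Idempotency-Key": "req-001"}, body))  # first attempt
    print(handler.post({"Idempotency-Key": "req-001"}, body))  # retry, no duplicate
    print(handler.user_count())
```

The retry returns the stored 201 response without creating a second user, while reusing the key with a changed body is rejected.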
Security Recommendations for POST
- Always use HTTPS, not HTTP
- Validate and sanitize body data
- Limit file upload sizes
- Check allowed MIME types
- Use authentication (JWT, Tokens, Sessions)
- Protect from CSRF attacks
Conclusion
The POST method is one of the core tools of modern web communication.
It powers:
- Signup forms
- Logins
- Orders
- Uploads
- Contact forms
- API resource creation
Understanding POST is vital for developers building websites, mobile apps, and APIs.
