What is HTTP?

HTTP stands for Hypertext Transfer Protocol. It is the foundation for exchanging information
between a web server and a client on the Web. HTTP defines the format for messages (requests and
responses) between the Clients and Server.

How do the Browser and Server Communicate with each other?

This is how the browser and web server communicate with each other in the form of Requests and
Responses. This type of communication is only possible by using HTTP Protocol. So, the request can
be termed an HTTP Request, and the response can be called HTTP Response. For a better
understanding, please have a look at the following image.

Browser is not the only client. For example, if you use a mobile application, your mobile is a client. If
you call APIs using tools like Postman and Fiddler, then Postman and Fiddlers are also the clients.

HTTP Request Components:

When we send something from the client (browser, mobile, postman, fiddler, etc.) to the server
(webserver), it is called a Request. The request is formed with a couple of components. They are as
follows:
 URL: Each Request must have a unique URL.
 Verb (Method): Each Request must have an HTTP Verb. Examples include GET, POST,
PUT, PATCH, DELETE, etc.
 Header(s): Each Request can contain one or more Headers.
 Body: Each request can have a body. The body contains the data that we want to send to the
server.
Request Headers: Each HTTP Request can contain one or more Request Headers. The Request
Header will be in the form of key-value pairs that provide additional information about the
request. Some common headers include:
 Host: Specifies the domain name of the server.
 User-Agent: Identifies the client software initiating the request (e.g., the browser or
application).
 Accept: Tells the server what content types the client can handle.
 Content-Type: When the request includes a body (like a POST, PUT, or PATCH request),
this header indicates the media type of the body.
 Authorization: Contains credentials for authentication purposes.
 Cookie: Includes any cookies that the client has for this domain. This is used for state
management.
 Cache-Control: Directives for caching mechanisms in both requests and responses.

Request Body (Optional): The body of an HTTP request is optional and is used when sending
additional data to the server, like in POST, PUT, or PATCH requests. It could contain data from a form
submission, file uploads, or JSON/XML data in the case of API requests.

HTTP Response Components:

Whatever the client receives from the web server is called HTTP Response. The HTTP response
contains the following components.
 HTTP Status Code: It must have a Status Code indicating the status of the HTTP Request.
200 Indicates successful, 500 indicates internal server error, 404 indicates resource not
found, etc.
 Response Headers: It can have one or more response headers.
 Data: Response can have data, i.e., return to the client.

There are also other components. However, the above three components are important in an HTTP
Response.

Status Line: The first line of the HTTP response, which includes the following information:
 HTTP Version: Indicates the version of the HTTP protocol used (e.g., HTTP/1.1).
 Status Code: A three-digit number that indicates the outcome of the request. Common
examples include 200 (OK), 404 (Not Found), and 500 (Internal Server Error).
 Status Text: A brief, human-readable phrase that provides a description of the status code
(e.g., “OK”, “Not Found”).

Response Headers: Each HTTP Response can have one or more Response Headers. The
Response Header will be in the form of key-value pairs that provide additional information about the
response. Some common headers include:
 Content-Type: Indicates the media type of the response body (e.g., text/html for HTML
documents, application/json for JSON data, application/xml for XML data).
 Content-Length: The length of the response body in bytes.
 Cache-Control: Directives for caching mechanisms in both requests and responses.
 Set-Cookie: Used to send cookies from the server to the user agent.
 Server: Information about the software used by the origin server.
 Date: The date and time at which the message was sent.
Response Body: This part contains the actual content of the response. The nature and format of the
response body depend on the request and the server’s capabilities. It could be an HTML document,
an image, JSON data, XML data, or plain text.

HTTP Verbs or HTTP Methods:

HTTP verbs, also known as HTTP methods, are a set of standardized actions that can be performed
on resources using the HTTP (Hypertext Transfer Protocol) protocol. Each HTTP request typically
includes a verb/method to indicate the desired action to be taken. The following are some of the
commonly used HTTP verbs:

GET HTTP Method:

The GET HTTP Method is used to Retrieve the Data.

In the case of the HTTP GET Method, the Web API may be expecting some data from the client, but
the main purpose of the GET method is to fetch or retrieve data from the server. If you want to
implement some search functionality, then the Web API may expect some data to filter out the results.
In this case, the clients need to send the data.

POST HTTP Method:

The HTTP POST request is used to make a new entry in the database. It is not only specific to a
database; whenever you want to create a new resource in your application, you must use the POST
method

PUT HTTP Method:

The HTTP PUT request is used to update all the properties of the current resource in the database.

PATCH HTTP Method:

In some situations, you don’t want to update all the properties of an existing resource; instead, you
want to update a few of the properties of an existing resource; then, in that case, you need to use
the PATCH method. So, the PATCH method is similar to the PUT method but is used to update a few
resource properties

DELETE HTTP Method:

The DELETE method is used to delete the resource from the database. It removes a specified
resource. That means you are removing or deleting an existing entity from your database. In modern
applications, we use two concepts for deletion. One is Soft Delete, and the other one is Hard Delete.
 Soft Delete: In your table, if you have some column like IsDeleted or IsActive or something
similar to this and you want to update that column, then you cannot use the Delete Method. In
that case, you need to use the PATCH method. This is because you are not deleting the
record from the database; you are simply updating the record.
 Hard Delete: If you want to remove the existing entity from the table, then you need to use
the DELETE method. For example, Delete an existing product from the Product table in the
database, etc.

HTTP Status Code Categories:

The HTTP status code is also one of the important components of HTTP Response. The Status code
is issued from the server, and they give information about the response. Whenever the client gets any
response from the server, we must have one HTTP Status code in that HTTP Response.

Status codes are three-digit numbers that are returned by servers to provide information about the
outcome of a request made by a client. These codes are grouped into different categories based on
their first digit, which helps understand and troubleshoot the response. All the HTTP Status codes are
divided into five categories. They are as follows. Here, XX will represent the actual number.

 1XX: Informational Response (Example: 100, 101, 102, etc.). Status codes in the 1xx
range indicate that the server has received the client’s request and is continuing the process.
These codes are primarily used for informational purposes and do not typically require any
action from the client.
  2XX: Successful Response (Example. 200, 201, 203, 204, etc.). Whenever you get 2XX as
the response code, it means the request is successful. Status codes in the 2xx range indicate
that the server successfully received, understood, and accepted the client’s request. These
codes typically indicate that the requested action was successfully completed.

 3XX: Redirection Response (Example. 301, 302, 304, etc.). Whenever you get 3XX as the
response code, it means it is re-directional, i.e., some re-directional is happening on the
server. Status codes in the 3xx range indicate that the client needs further action to complete
the request. These codes are used when a resource has been moved or is temporarily
unavailable, and the client needs to take additional steps to access the resource.

 4XX: Client Error Response (Example: 400, 401, 404, 405, etc.). Whenever you get 4XX as
the response code, it means there is some problem with your request. Status codes in the
4xx range indicate that the client’s request was unsuccessful due to an error on the client’s
side. These codes are often associated with issues such as invalid requests, unauthorized
access, or missing resources.

 5XX: Server Error Response (Example: 500, 502, 503, 504, etc.). Whenever you get 5XX
as the response code, it means there is some problem in the server. Status codes in the 5xx
range indicate that the server encountered an error while processing the client’s request.
These codes are typically associated with issues on the server side, indicating that the
requested action could not be completed due to server-related problems.

Frequently used HTTP Status Codes:

In Web API development, HTTP status codes are an essential part of the response sent by the server
to indicate the outcome of a client’s request. Here are some of the frequently used HTTP status codes
in Web APIs:

100: 100 means Continue. The HTTP 100 Continue informational status response code indicates
that everything so far is OK and that the client should continue with the request or ignore it if it is
already finished.

200: 200 means OK. The HTTP 200 OK success status response code indicates that the request has
been successfully processed, and the server is returning the requested resource in the response
body. If you are searching for some data and you got the data properly. That means the request is
successful; in that case, you will get 200 OK as the HTTP status code.

201: 201 means a new resource created. The HTTP 201 Created success status response code
indicates that the request has succeeded and led to the creation of a resource. If you are successfully
adding a new resource by using the HTTP Post method, then in that case, you will get 201 as the
Status code. That means this status code is typically used to indicate that a new resource has been
successfully created. The URI of the newly created resource is often included in the response
headers under the Location header field

204: 204 means No Content. The HTTP 204 No Content success status response code indicates
that a request has succeeded but is not returning any content to the client. That means this status
code indicates that the server has successfully processed the request but has no content to return in
the response body. It is commonly used for requests that perform actions like updates or deletions.

301: 301 means Moved Permanently. If you are getting 301 as a status response code from the
server, it means the resource you are looking for is moved permanently to the URL given by the
Location headers.

302: 302 means Found. If you are getting 302 as a status response code from the server, it means
the resource you are looking for is moved temporarily to the URL given by the Location headers.

400: 400 means Bad Request. If you are getting 400 as the status code from the server, then the
issue is with the client’s request. Suppose the request contains wrong data, such as malformed
request syntax, invalid request message, missing required parameters, and invalid data. In that case,
you will get this 400 Bad Request status code. That means this status code indicates that the server
cannot process the request due to client error.

401: 401 means Unauthorized. If you are trying to access the resource you don’t have access to
(Invalid Authentication Credentials), you will get a 401 unauthorized status code from the server. That
means this status code indicates that the request requires authentication, and the client needs to
provide valid credentials (such as a username and password) to access the requested resource.

403: 403 means Forbidden: This status code is similar to 401, but it indicates that the client is
authenticated but has insufficient permissions to access the requested resource.

404: 404 means Not Found. If you are looking for a resource that does not exist, then you will get
this 404 Not Found status code from the server. Links that lead to a 404 page are often called broken
or dead links. That means this status code is used when the server cannot find the requested
resource. It indicates that the URI is not recognized or the resource does not exist.

405: 405 means Method Not Allowed. The 405 Method Not Allowed response status code indicates
that the server knows the request method but is not supported by the target resource. For example,
we have one method, which is a POST method, in the server, and we are trying to access that method
from the client using GET Verb; then, in that case, you will get a 405 status code.

500: 500 means Internal Server Error. If there is some error in the server, then you will get a 500
Internal Server Error Response status code. That means this status code indicates an unexpected
error occurred on the server while processing the request. It is a generic error response for situations
where the server cannot provide a more specific error message.

503: 503 means Service Unavailable. The 503 Service Unavailable server error response code
indicates that the server is not ready to handle the request. If the server is down for maintenance or
overloaded, then you will get the 503 Service Unavailable Status code. That means this status code is
used when the server is temporarily unable to handle the request due to being overloaded or
undergoing maintenance. It implies that the client should try again later

504: 504 means Gateway Timeout. The 504 Gateway Timeout server error response code indicates
that the server while acting as a gateway or proxy, did not get a response in time from the upstream
server needed to complete the request.

HTTP Versions
HTTP (Hypertext Transfer Protocol) has evolved through several versions, each introducing significant
improvements over its predecessors. Here’s an overview of the major HTTP versions:

HTTP/0.9 (1991):
 The first version of HTTP, extremely simple.
 Only supported GET requests.
 There were no headers or metadata, just a single-line request, and the response was purely
HTML.

HTTP/1.0 (1996):
 Introduced in RFC 1945.
 Added support for HTTP headers, allowing for metadata about the request and response.
 Introduced new methods like POST and HEAD.
 Supported status codes to indicate the success or failure of a request.

HTTP/1.1 (1997):
 Specified in RFC 2068, later revised in RFC 2616.
 Introduced persistent connections, allowing for multiple requests and responses over a single
TCP connection.
 Added chunked transfer encoding, allowing the server to send a response in parts as they
become available.
 Additional request methods like OPTIONS, PUT, DELETE, TRACE, and CONNECT were
introduced.
  Host headers were introduced to allow multiple domains to be hosted at a single IP address.

HTTP/2 (2015):
 Standardized in RFC 7540.
 A major revision that introduced binary framing, a departure from the text-based format of
earlier versions.
 Supports multiplexing, allowing multiple requests and responses to be in flight simultaneously
over a single TCP connection.
 Introduced header compression to reduce overhead.

HTTP/3 (2019):
 Still in the process of standardization as of my last update in April 2023.
 Based on QUIC, a transport layer network protocol developed by Google.
 QUIC operates over UDP (User Datagram Protocol) instead of TCP, aiming to improve
performance and reduce latency.
 Includes built-in features for security and congestion control.

Each new version of HTTP has been designed to improve performance, security, and the overall
efficiency of data transmission on the web. While HTTP/1.1 remains widely used, HTTP/2 and
HTTP/3 provide significant advancements, particularly in terms of speed and efficiency, which are
increasingly important in the modern, high-traffic web environment.