HTTP Methods. Authentication & Cookie basics

Web Fundamentals

Web Basics - How HTTP Works

HTTP - Fundamentals

  • HTTP functions as a request–response protocol in the client–server computing model.

  • HTTP/1.1 & HTTP/2.0.

  • HTTP is an application layer protocol designed within the framework of the Internet protocol suite.

HTTP - Fundamentals : Request & Response

HTTP - GET - Request

  • Retrieve all resources in a collection; responses can be cached.
  • GET requests remain in the browser history and can be bookmarked.
  • GET requests should never be used when dealing with sensitive data, and they have length restrictions.
  • GET requests should be used only to retrieve data.

GET /test?name=value1 HTTP/1.1
User-Agent: my browser details
Accept: text/html
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP - POST - Request

  • Create a new resource in a collection.
  • POST requests are never cached and do not remain in the browser history.
  • POST requests cannot be bookmarked.
  • POST requests have no restrictions on data length.

POST /test/t.php HTTP/1.1
User-Agent: HTTPTool/1.0
Content-Type: application/raw
Content-Length: 32


HTTP - PUT Request

  • PUT puts a file or resource at a specific URI
  • PUT replaces that file or resource.
  • PUT responses are not cacheable.
  • Update a resource.

PUT /boo/foo.txt HTTP/1.1
Content-Type: text/plain

This is a testing content for
the text file foo.txt

HTTP - PATCH Request

  • PATCH - Partially update a resource.

  • Use it when you only need to update one field of the resource.

PATCH /groups/api/v1/groups/{group id}

with request body like



  • DELETE - Delete a resource.
  • OPTIONS - Return available HTTP methods and other options.


  • HEAD - Return only the header information.
  • TRACE - Return traces of the request.

curl -I

HTTP - Response Codes

Web Authentication & Cookies

Basic authentication - The username:password string is encoded with Base64 (an encoding, not encryption).
curl --header "Authorization: Basic am9objpzZWNyZXQ="

Digest authentication - Authentication is performed by transmitting the password in a hashed form (combined with a nonce etc.) instead of in clear text.

OAuth - Authentication protocol that allows you to approve one application interacting with another on your behalf without giving away your password.

E.g. OAuth 1, OAuth 2.


Cookies are usually small text files, given ID tags, that are stored in your computer's browser directory or program data subfolders.

GET /spec.html HTTP/1.1
Cookie: theme=light; sessionToken=abc123

  • Record the user's browsing activity.
  • Record which pages were visited in the past.
  • Contain the name of the domain and the lifetime.

Tool: EditThisCookie
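
An added example, not part of the original slides: a small Python check that parses a raw request like the ones above and reports what it exposes, namely sensitive parameters in a GET query string, the credentials recoverable from a Basic header, and the cookies it carries. The `SENSITIVE` name list, the `audit_request` helper and the sample request (including its `password=hunter2` parameter) are assumptions constructed for illustration.

```python
import base64
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlsplit

# Parameter names treated as sensitive (assumed list, adjust per application).
SENSITIVE = {"password", "passwd", "token", "sessiontoken", "secret", "apikey"}

def audit_request(raw: str) -> dict:
    """Parse one raw HTTP request and report what it exposes."""
    head, _, _body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    findings = []
    # GET query strings stay in browser history and bookmarks.
    query = dict(parse_qsl(urlsplit(target).query))
    leaked = sorted(k for k in query if k.lower() in SENSITIVE)
    if method == "GET" and leaked:
        findings.append(f"sensitive data in GET query: {', '.join(leaked)}")

    # Basic auth is only Base64: decoding needs no key.
    credentials = None
    scheme, _, blob = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        user, _, password = base64.b64decode(blob).decode().partition(":")
        credentials = (user, password)
        findings.append("Basic credentials are recoverable without a key")

    # Cookie header: name=value pairs separated by "; ".
    cookie = SimpleCookie()
    cookie.load(headers.get("cookie", ""))
    cookies = {name: morsel.value for name, morsel in cookie.items()}
    return {"method": method, "credentials": credentials,
            "cookies": cookies, "findings": findings}

# Constructed sample built from the header values shown on the slides.
SAMPLE = (
    "GET /test?name=value1&password=hunter2 HTTP/1.1\n"
    "Authorization: Basic am9objpzZWNyZXQ=\n"
    "Cookie: theme=light; sessionToken=abc123\n\n"
)

if __name__ == "__main__":
    print(audit_request(SAMPLE))
```

The Basic header from the slide decodes straight back to its username and password, which is why Basic authentication should only travel over TLS.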

Next lecture: Test Plan & Test Cases and Best Practices of API Testing
