HTTP Simplified
Understand HyperText Transfer Protocol(HTTP) and the Request-Response cycle
If you have an interest in Web development and building APIs, understanding the concepts of HTTP is vital.
In this article you are going to learn the following:
- What HTTP is, and its characteristics
- A brief history of HTTP versions
- What Sessions are and their usage
- The Request-Response cycle
- HTTP Request and Response messages
- HTTP methods and their operations
- HTTP Status codes, their meanings, and what operations they perform
🤔What is HTTP?
HyperText Transfer Protocol (HTTP) is a stateless, connection-less, request-response protocol that consists of rules which define communications between clients and servers connected over an established Transmission Control Protocol (TCP) connection
Once there is an established connection between the client and the server, HTTP defines rules for transferring data such as images, text, and other multimedia between the client and the server
Before delving any further, let's define some basic terminologies which will be mentioned in the article.
- Clients: The client is a web browser, search engine, or robot. The client sends the request message to the server
- Servers: A web server that receives and responds to the request message sent by the clients, by sending a response message back to the client
- User: The individual who enters a URI into the browser or request for specific resource within an application
- URI( Uniform Resource Identifier): it is used to identify a given unique resource on the web
📜 History of HTTP
- HTTP/1.0: It was the original HTTP. It opened a new TCP connection for each HTTP request-response exchange, this approach is less efficient when multiple requests are sent in succession, hence the need to address this flaw in later versions
- HTTP/1.1: To mitigate the flaws of HTTP/1.0, pipelining was implemented which allowed multiple HTTP request-response exchanges over a single TCP connection
- HTTP/2 goes a step further by multiplexing messages within frames over a single open TCP connection
- HTTP/2 messages a not human-readable and are embedded into frames which allows optimizations like compressions of HTTP headers and multiplexing.
Characteristics of HTTP
- HTTP is stateless: There's no link between any two or more HTTP requests messages being successively sent out on the same TCP connection, this means from the server's perspective each HTTP request message is considered isolated and unique
- HTTP is not connection-based: Before a client and server can exchange requests and responses there must be an established connection between the client and server, but HTTP is not connection-based, hence it relies on the TCP transport layer which is a connection-based protocol, to establish a secure connection between the client and the server
- Once the server receives the HTTP request messages sent by the client on an opened TCP connection, the server analyzes and sends an HTTP response message to the client, after which the TCP connection is closed.
Although HTTP itself is stateless, there's a need to share state between multiple HTTP requests. HTTP cookies make it possible for the use of stateful sessions.
HTTP cookies are added to the header of each HTTP request allowing session creations on each HTTP request, doing this makes it possible to share state between multiple HTTP requests.
🤔What are Sessions
A session is temporal storage on the server, each session consists of the session data and the session ID which identifies a specific session. The session data is stored on the server while the session ID is stored in the client(web browser) using HTTP cookies. To identify a specific session, the session ID is sent back to the server using HTTP cookies
Characteristics of Sessions
- Sessions are unique for each user. So if there are 4 users who make a request to the server, there will be 4 sessions created on the server.
- During the request processing of each user, the user's sessions are available to all web pages on the application
Sessions usage examples
- Sessions can be used to protect certain pages and routes so that only specific users can access them, we can keep track of the users when they log in, by storing their user's IDs in a session
- Sessions can be used to keep track of a users' log status. So we can restrict access to protected resources and routes, to being available to logged-in users only. When a user logs in, their JSON Web Token(JWT) is stored in a session, and with subsequent user requests to a resource, it can be checked to see if the user is logged in
🔂The HTTP process
To understand the HTTP process, let's ask ourselves, what actually happens each time a user types a URL into a browser in order to open a new webpage. Well the most simple answer is;
- The client which in this case is our browser, sends a request to the server in which the web page is located
- The server then sends back a response containing the requested webpage to the client.
This process is called the Request-Response cycle. Let's take it one step further.
Let's say we want to access the explore page on hashnode.com by entering the following URL into the browser
The URL is made up of;
- Protocol: It is the protocol to be used on the connection, it could be HTTP or HTTPS, in this case, it is HTTPS which is the secure version of HTTP.
- Resource: the resource which we want to access, in this case, it is the explore page
- Domain name: In this case it's hashnode.com, we have to note that the domain name here is not actually the real address of the server that we are trying to access, rather it's just a nice and easy to remember representation of the actual address. So the client needs to convert the domain name to the actual address of the server, through the process of DNS( Domain Name Servers ) Lookup. The actual address of the domain name got from the DNS Lookup is;
This process of DNS Lookup only occurs when the HTTP request is made.
When a client initiates an HTTP request to the server, it performs the following steps;
- It establishes a TCP connection between the client and server: the TCP connection is used to send requests and receive responses
- Once the TCP connection has been established, the client sends an HTTP request message to the server
- After interpreting an HTTP request message the server sends an HTTP response message to the client
- Once the server has responded to the client's request, the TCP connection is closed
This process is illustrated below.
📝 HTTP messages
There are two types of HTTP messages;
- HTTP Request messages sent by the client to the server
- HTTP Response messages sent from the server to the client each of these messages has a format in which they are generated
HTTP Request Message
The request message consists of the following;
- The HTTP method: these methods are usually a verb like 'GET' or 'POST' that defines the operation applied by the client to the resource, in this case, the HTTP method is GET note HTTP methods are case sensitive.
- The Request-URI: identifies the resource upon which the HTTP method is applied. The exact resource is determined using the Request-URI and the Host header field
- The HTTP protocol version: In this case the version is HTTP/1.1
- Request headers: Conveys additional information about the request and about the client itself to the servers, in this case, we have the following request headers;
- Host: It specifies the internet port(IP) address and port number of the server where the requested resource is stored, an IP address without a trailing port defaults to port number 80 for HTTP requests and 443 for HTTPS requests. Note without specifying the Host header field, the request will return an error
- Accept-Language: Specifies which language the client is able to understand, in this case, the language is 'en' for English, other values could be 'fr' for French
- Body: An optional field that contains the information being sent to the server for storage, mainly used when using HTTP methods like POST, PATCH
HTTP Response Message
The response message consists of the following;
- The HTTP protocol version: In this case the version is HTTP/1.1
- Status code: in this case, is 200
- Response headers: Conveys additional information about the response and about the server itself to the client, in this case, we have the following request headers;
- Accept-Ranges: It is used by the server to show its support for partial requests
- Server: Describes the software used by the origin by the origin server that handled the request
- Content-type: This header field indicates the resource content type
- E-Tag: it identifies the specific resource version
- Body: An optional field that contains fetched information being sent to the client from the server, mainly used when using HTTP methods like GET.
HTTP Methods
HTTP uses methods to define the operation to be applied to the resource identified by the Request-URI. These methods are usually verbs, with the most widely used methods being POST, GET, PATCH, and DELETE. Each of these HTTP methods returns a success or failure upon completion of their operations, using status codes to represent success or a failure.
- GET: This method retrieves the resource specified in the request-URI. If successful the resource is returned as an entity in the response message along with the status code 200 (Success).
- POST: This method request that the server accepts the data or entity enclosed in the Request body, if successful the server responds by sending a response message containing the status code 201 (Created), along with the location of the posted entity or data.
- PUT: This method request that the enclosed data or entity in the Request body be used to modify the request identified by the Request-URI.
- DELETE: This method request that the enclosed data or entity in the request be stored under the supplied Request-URI.
📱 HTTP Status Codes
The status codes are used by the client to determine if the HTTP request sent to the server, along with the specified operation was a success or a failure, remember the operation is specified by using the HTTP method. The status code is a 3 digit result code, with the first digit defining the class of the code.
1xx (Informational): This class of status codes consists of informational responses indicating that a client should continue with a request. Examples of status codes belonging to this class;
- 100 Continue: The client should continue with their request
- 101 Switching protocols: The server is willing to comply with the request to change the application protocol being used in the connection, this request is made using the Upgrade message header field
2XX (Success): This class of status codes indicates that the request made by the client was successfully received, understood, and accepted by the server. Examples of status codes belonging to this class include the following;
- 200 Ok: The request succeeded, the information returned with the response is dependent on the HTTP method used in the request.
- GET: the requested resource is sent in the response
- POST: A description of the action is sent in the response
- 201 Created: The request has succeeded and a new resource has been created
- 202 Accepted: The request has been accepted but not yet processed by the server
- 200 Ok: The request succeeded, the information returned with the response is dependent on the HTTP method used in the request.
3XX (Redirection): This class of status codes indicates that further action needs to be taken by the user to complete the request, examples of status codes belonging to this class;
- 301 Moved permanently: The requested resource has been moved permanently to a new URI, the permanent URI is given in the Location header field in the response
- 304 Not modified: A successful get request is made, but the client does not modify the resource
4XX (Client Error): This class of status code indicates that the client has erred. Examples of status codes belonging to this class;
- 400 Bad requests: The request could not be understood by the server
- 401 Unauthorized: The request requires user authentication
- 404 Not found: The server can not find any resource matching the resource-URI
5XX (Server Error): This class of status code indicates that the server has erred. Examples of status codes belonging to this class;
- 500 Internal error: The server encountered an unexpected condition with prevented it from fulfilling the request
- 503 Service unavailable: The server is unable to handle the request due to a temporal condition such as server maintenance or temporal overloading
You can read a lot more about status codes here
Conclusion
I hope you found this article useful and helpful, if you have any questions let me know in the comments. In a later article, we are going to learn how to implement and use these concepts in building a Rest API. That's it for now 👋