Skip to main content

TTP Finally Gets a New Verb: Meet QUERY (RFC 10008)

For over 15 years, backend developers, API designers, and frontend engineers have lived by a strict, self-imposed set of rules. If you want to create a resource, you use POST. If you want to replace it, PUT. If you want to fetch it, GET.

But what happens when you need to fetch a resource using a massive, deeply nested JSON filter, a complex SQL string, or a large GraphQL block?

Historically, we had to choose between breaking HTTP semantics or risking massive URL breakages. That era is officially over. In June 2026, the IETF officially published RFC 10008, standardizing a brand-new HTTP method: QUERY. This is the first major addition to the core HTTP verbs since PATCH was standardized back in 2010.

Here is everything you need to know about why QUERY exists, how it works, and how it’s going to fix API design layout.

The Broken Workarounds: GET vs. POST

To understand why QUERY is such a big deal, we have to look at the architectural compromises developers have been forced to make for nearly two decades.

1. The GET Problem (The Payload Dilemma)

The GET method is semantically perfect for retrieving data. It is safe (it doesn't modify server state) and idempotent (replaying it 10 times yields the same result). This allows browsers, CDNs, and proxies to aggressively cache GET requests.

However, GET parameters must live entirely inside the URL string:

GET /orders?select=id,date,total&filter[status]=delivered&filter[date][gt]=2026-01-01&limit=50 HTTP/1.1

This breaks down fast because:

  • URL Length Limits: Many servers, routers, and proxies drop or crash on URLs longer than 2,000 to 8,000 characters.
  • Security & Information Leakage: Query parameters are routinely dumped into plain-text server logs, exposing potentially sensitive user data or internal IDs.
  • Encoding Nightmares: Complex nested objects become an unreadable mess of percent-encoded characters (%20, %5B, %5D).
Can't we just put a body in a GET request?
Technically, the HTTP specification doesn't explicitly forbid it, but it states that a body on a GET request has no defined semantics. In practice, many enterprise firewalls, proxy layers, and web servers will straight up drop the body or reject the request entirely.

2. The POST Problem (The Semantic Sacrifice)

To bypass GET limits, developers turned to POST for search endpoints (e.g., POST /orders/search). While this permits a massive JSON payload in the request body, it ruins HTTP ergonomics:

  • POST is explicitly defined as non-idempotent.
  • Because intermediaries and browsers must assume a POST request alters data, it cannot be automatically cached by your network infrastructure.
  • If a user's network drops mid-request, browsers cannot safely auto-retry a POST without warning the user ("Are you sure you want to resubmit this form?").

The Solution: QUERY

The QUERY method is the missing piece of the puzzle. It takes the request body support of POST and marries it with the safe, idempotent, and cacheable semantics of GET.

[ HTTP QUERY ] = [ GET Semantics: Safe & Idempotent ] + [ POST Capabilities: Request Body Payloads ]

What a QUERY Request Looks Like

Instead of packing everything into a single fragile URL line, you can pass structured JSON, SQL, or GraphQL cleanly in the body:

QUERY /orders HTTP/1.1
Host: api.example.com
Content-Type: application/json
Accept: application/json

{
  "select": ["id", "date", "total"],
  "filter": {
    "status": "delivered",
    "date": { "$gt": "2026-01-01" }
  },
  "limit": 50
}

Key Features of QUERY

  • Explicitly Safe & Idempotent: Because it's registered with IANA as safe, clients, reverse proxies, and browsers know out of the box that it will never mutate server state. It can be safely automatically replayed on a dropped connection.
  • Natively Cacheable: Unlike POST, responses to QUERY can be cached. However, unlike GET (which uses the URL as a cache key), a caching layer handling a QUERY request hashes and incorporates the request body into the cache key.
  • The Accept-Query Header: The specification introduces a way for servers to advertise what kind of query formats they accept via a handshake or an OPTIONS call:
    Accept-Query: application/json, application/sql, application/graphql

How It Impacts the Future of Web Development

The standardization of QUERY is a massive win for modern web architectures:

  1. GraphQL Demilitarized: Most GraphQL queries are read-only but are sent via POST because the query strings are too large for a URL. QUERY allows GraphQL to align perfectly with native HTTP semantics.
  2. Cleaner Analytics & Search Backends: Dashboard applications, report builders, and complex internal search matrices will no longer need custom "safe-retry" wrappers to handle POST requests masquerading as lookups.
  3. Privacy Boost: Sensitive parameters like search terms, user filters, or PI-adjacent identifiers stay hidden inside the encrypted TLS payload body rather than leaking into corporate proxy traffic logs.

When Can You Use It?

Because RFC 10008 was just finalized in mid-2026, native support is still rolling out. While core HTTP libraries (like Go’s ServeMux or Node.js) can handle it immediately because HTTP methods are fundamentally just strings, it will take time for CDNs (like Cloudflare and Akamai, who co-authored the spec), browsers, and major frameworks to implement standard-compliant body caching and native client wrappers.

Expect QUERY to slowly become a baseline requirement for high-performance REST and RPC APIs over the next couple of years.

Comments

Popular posts from this blog

Salty Coffee

He met her on a party. She was so outstanding, many guys chasing after her, while he so normal, nobody paid attention to him. At the end of the party, he invited her to have coffee with him, she was surprised, but due to being polite, she promised. They sat in a nice coffee shop, he was too nervous to say anything, she felt uncomfortable, she thought, please, let me go home.... suddenly he asked the waiter. "would you please give me some salt? I'd like to put it in my coffee." Everybody stared at him, so strange! His face turned red, but still, he put the salt in his coffee and drank it. She asked him curiously; why you have this hobby? He replied: "when I was a little boy, I was living near the sea, I like playing in the sea, I could feel the taste of the sea, just like the taste of the salty coffee. Now every time I have the salty coffee, I always think of my childhood, think of my hometown, I miss my hometown so much, I miss my parents who are still living ther...

Date with the Woman

After 21 years of marriage, my wife wanted me to take another woman out to dinner and a movie. She said I love you but I know this other woman loves you and would love to spend some time with you. The other woman that my wife wanted me to visit was my MOTHER, who has been a widow for 19 years, but the demands of my work and my three children had made it possible to visit her only occasionally. That night I called to invite her to go out for dinner and a movie. 'What's wrong, are you well,' she asked? My mother is the type of woman who suspects that a late night call or a surprise invitation is a sign of bad news. 'I thought that it would be pleasant to be with you,' I responded. 'Just the two of us.' She thought about it for a moment, and then said, 'I would like that very much.' That Friday after work, as I drove over to pick her up I was a bit nervous. When I arrived at her house, I noticed that she, too, seemed to be nervous...

The Unlikely Friendship

In a quiet village nestled between rolling hills and babbling brooks, there lived a little cat named Moonbeam. Moonbeam had a coat as black as the midnight sky, but her eyes sparkled like the brightest stars. One starry night, while Moonbeam prowled through the alleys, she discovered a tiny creature with wings caught in a thicket.   The creature turned out to be Twinkle, a baby bat who had lost her way. Moonbeam, instead of pouncing, gently approached Twinkle and used her nimble paws to free the tiny bat. Twinkle, grateful and unafraid, looked at Moonbeam with eyes that held the wonder of the night sky.   From that night on, Moonbeam and Twinkle became the best of friends. Moonbeam would explore the rooftops, and Twinkle would soar alongside, leaving trails of stardust. Together, they discovered secret hideaways and shared stories under the moonlight.   Their friendship spread joy throughout the village, and soon the townsfolk eagerly awaited the nightly ad...