Module3/[Link] 2.

Standard Request and Response Structure

HTTP Request Structure

Module 3: Building APIs and Web
An HTTP request consists of four main components:
Services
┌─────────────────────────────────────────────────────────┐
│ Request Line │
HTTP Basics ├─────────────────────────────────────────────────────────┤
│ Headers │
1. Overview of HTTP Protocol │ (multiple key-value pairs) │
├─────────────────────────────────────────────────────────┤
What is HTTP? │ Blank Line │
├─────────────────────────────────────────────────────────┤
│ Body (optional) │
HTTP (HyperText Transfer Protocol) is an application-layer protocol that defines how │ (message payload) │
messages are formatted and transmitted between web clients and servers. It serves as the └─────────────────────────────────────────────────────────┘
foundation of data communication on the World Wide Web. Understanding its structure,
methods, and status codes is essential for web development and API design. Each HTTP Request Line Format
method serves a specific purpose, from retrieving data with GET to creating resources with
POST. Status codes provide standardized communication about request outcomes, enabling
METHOD /path/to/resource HTTP/version
robust error handling and user feedback. Modern applications leverage HTTP’s flexibility while
adhering to RESTful principles to create scalable and maintainable systems. Example Request:

Key Characteristics
POST /api/users HTTP/1.1
Stateless Protocol: Each request-response pair is independent. The server doesn’t retain Host: [Link]
information about previous requests from the same client by default. Content-Type: application/json
Content-Length: 45
Client-Server Model: HTTP follows a request-response pattern where clients (browsers, User-Agent: Mozilla/5.0
mobile apps) initiate requests and servers provide responses. Accept: application/json
Authorization: Bearer token123
Text-Based Protocol: HTTP messages are human-readable text, making debugging and
analysis straightforward. {"username":"john","email":"john@[Link]"}

Port Usage: By default, HTTP uses port 80, while HTTPS (secure version) uses port 443. and
place holder for Module2 Request Components Breakdown

HTTP Architecture Request Line: Contains the HTTP method, resource path, and protocol version.

┌─────────────┐ ┌─────────────┐ Headers: Metadata about the request providing additional context like content type, accepted
│ │ HTTP Request │ │ formats, authentication credentials, and client information.
│ Client │──────────────────────────────>│ Server │
│ (Browser) │ │ │ Blank Line: Separates headers from the body (mandatory even if there’s no body).
│ │<──────────────────────────────│ │
│ │ HTTP Response │ │ Body: Contains data being sent to the server (used in POST, PUT, PATCH requests).
└─────────────┘ └─────────────┘
HTTP Response Structure Response Example:

┌─────────────────────────────────────────────────────────┐
│ Status Line │ HTTP/1.1 200 OK
├─────────────────────────────────────────────────────────┤ Content-Type: application/json
│ Headers │
│ (multiple key-value pairs) │ [{"id":1,"name":"Alice"},{"id":2,"name":"Bob"}]
├─────────────────────────────────────────────────────────┤
│ Blank Line │
├─────────────────────────────────────────────────────────┤ Use Cases: Fetching web pages, retrieving API data, searching, filtering results.
│ Body (optional) │
│ (response payload) │ POST Method
└─────────────────────────────────────────────────────────┘
Purpose: Submit data to create a new resource or trigger processing.
Status Line Format
Request Body: Contains the data being sent.
HTTP/version StatusCode ReasonPhrase
Structure:
Example Response:

POST /api/users HTTP/1.1

HTTP/1.1 200 OK Host: [Link]
Date: Thu, 22 Jan 2026 [Link] GMT Content-Type: application/json
Content-Type: application/json Content-Length: 58
Content-Length: 89
Server: Apache/2.4.41 {"name":"Charlie","email":"charlie@[Link]","age":28}
Cache-Control: no-cache

{"id":123,"username":"john","email":"john@[Link]","created":"2026-01-22T[Link]Z"} Response Example:

HTTP/1.1 201 Created

3. HTTP Methods: Structure and Usage Location: /api/users/3
Content-Type: application/json
HTTP methods (also called verbs) indicate the desired action to be performed on a resource.
{"id":3,"name":"Charlie","email":"charlie@[Link]"}
GET Method

Purpose: Retrieve data from the server without modifying it. Use Cases: Creating new resources, submitting forms, uploading files, triggering server-side
operations.
Request Body: Not used (data sent via URL query parameters).
PUT Method
Structure:
Purpose: Update an existing resource or create it if it doesn’t exist (full replacement).
GET /api/users?page=1&limit=10 HTTP/1.1
Structure:: Similar to POST but targets a specific resource.
Host: [Link]
Accept: application/json
Use Cases: Complete resource updates, replacing entire documents.
PATCH Method Content-Length: 89
Last-Modified: Thu, 22 Jan 2026 [Link] GMT
Purpose: Partially update an existing resource.
(no body)
Request Body: Contains only the fields to be updated.

Structure: Similar to PUT but with partial data. Use Cases: Checking if a resource exists, getting metadata, checking last modification time.

Use Cases: Updating specific fields without sending the entire resource. OPTIONS Method

DELETE Method Purpose: Describe communication options for the target resource.

Purpose: Remove a resource from the server. Request Body: Not used.

Request Body: Usually empty. Structure:

Structure:
OPTIONS /api/users HTTP/1.1
Host: [Link]
DELETE /api/users/3 HTTP/1.1
Host: [Link]
Response Example:

Response Example:
HTTP/1.1 200 OK
Allow: GET, POST, PUT, DELETE, OPTIONS
HTTP/1.1 204 No Content Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Origin: *

Use Cases: Removing resources, canceling subscriptions, clearing data.

Use Cases: CORS preflight requests, discovering allowed methods on a resource.
HEAD Method
4. Important HTTP Status Codes
Purpose: Same as GET but retrieves only headers, not the body.
Status codes are three-digit numbers that indicate the result of an HTTP request. They are
Request Body: Not used. grouped into five categories.

Structure: Status Code Categories

Status Codes (3-digit)

HEAD /api/users/3 HTTP/1.1
│
Host: [Link]
├── 1xx: Informational (request received, processing)
│ └── Rarely used in modern applications
│
Response Example:
├── 2xx: Success (request successfully processed)
│ └── Action completed successfully
HTTP/1.1 200 OK
│
Content-Type: application/json
├── 3xx: Redirection (further action needed)
│ └── Client must take additional action {"error":"User not found"}
│
├── 4xx: Client Error (request contains errors)
│ └── Problem with the request itself 405 Method Not Allowed: HTTP method not supported for this resource.
│
└── 5xx: Server Error (server failed to fulfill request)
└── Server encountered an error HTTP/1.1 405 Method Not Allowed
Allow: GET, POST
200 OK: Standard success response. Request succeeded.
{"error":"DELETE method not allowed"}
201 Created: New resource created successfully (typically after POST).

301 Moved Permanently: Resource permanently moved to a new URL. 500 Internal Server Error: Generic server error.

HTTP/1.1 301 Moved Permanently HTTP/1.1 500 Internal Server Error

Location: [Link]
{"error":"An unexpected error occurred"}

400 Bad Request: Server cannot process the request due to client error (malformed syntax).
Status Code Quick Reference (For understanding purposes)
HTTP/1.1 400 Bad Request
Content-Type: application/json Code Name Category Meaning
200 OK Success Request succeeded
{"error":"Invalid JSON format in request body"}
201 Created Success New resource created
204 No Content Success Success but no content to return
401 Unauthorized: Authentication required or failed. 301 Moved Permanently Redirection Resource moved permanently
302 Found Redirection Resource temporarily moved
HTTP/1.1 401 Unauthorized 304 Not Modified Redirection Resource unchanged (cache valid)
WWW-Authenticate: Bearer realm="API"
400 Bad Request Client Error Malformed request
{"error":"Authentication required"} 401 Unauthorized Client Error Authentication required
403 Forbidden Client Error Access denied
403 Forbidden: Server understood request but refuses to authorize it. 404 Not Found Client Error Resource doesn’t exist
409 Conflict Client Error Request conflicts with current state
422 Unprocessable Entity Client Error Validation failed
HTTP/1.1 403 Forbidden
429 Too Many Requests Client Error Rate limit exceeded
{"error":"You don't have permission to access this resource"} 500 Internal Server Error Server Error Generic server error
502 Bad Gateway Server Error Invalid upstream response
404 Not Found: Requested resource doesn’t exist. 503 Service Unavailable Server Error Server temporarily unavailable

HTTP/1.1 404 Not Found