I have started to study about the API and RESTful. I hope you can help me.
The Get methods are normally sent via the uri, for example
http: // example / login? name = Xxxx
but each method must maintain the standard of doing what the method indicates.
POST update
PUT insert
GET get
DELEATE delete
but if I have to do a Get but the data is very sensitive to travel in the uri. what should I do? Change it for a Post method so that it travels in the body?
I understand that it has security terms like jwt, but in those cases, what should be done?
I have to do a Get but the data is very sensitive to travel in the uri. what should I do? Change it for a Post method so that it travels in the body?
Yes, that's exactly right.
In theory, there's no reason that we couldn't have an HTTP method that is effectively read only and has a method body; but as of 2020-09 the only registered methods that fit the bill are SEARCH and REPORT, which both have WebDAV semantics that you likely want to avoid.
In the absence of a standard method with the semantics that you need, it is okay to use POST.
One way of thinking about this, is that we are using POST to create a new resource using the contents of the request as arguments; the new resource would have its own identifier which obscures the sensitive data. Then you could use the new identifier to GET the latest representation of the resource any time you wanted.
To that basic idea, we add the idea of returning the representation of the new resource when we create it, and treating that resource as an ephemeral thing that you don't need to store because it "goes away" immediately after use (meaning that subsequent attempts to fetch the representation would 404).
So you might end up with a response that looks like
201 Created
Location: /random-url-that-has-no-sensitive-information
Content-Location: /random-url-that-has-no-sensitive-information
Cache-Control: no-cache
....