HTTP (Hypertext Transfer Protocol)
HTTP is the application-layer protocol used for transmitting data on the web, forming the foundation of API communication.
HTTP (Hypertext Transfer Protocol) is an application-layer protocol that defines how messages are formatted and transmitted between clients and servers on the web. Originally designed for fetching HTML documents, HTTP has become the standard transport protocol for APIs, web applications, microservices communication, and virtually all request-response interactions on the internet.
How HTTP works
HTTP follows a request-response model. A client (such as a browser, mobile app, or another service) sends an HTTP request to a server, and the server returns an HTTP response. Each request includes:
Method: The action to perform -- GET (retrieve), POST (create), PUT (update), DELETE (remove), PATCH (partial update), and others.
URL/URI: The address of the resource being accessed.
Headers: Key-value pairs carrying metadata such as content type, authentication tokens, caching directives, and accepted response formats.
Body (optional): Data sent with the request, typically used with POST, PUT, and PATCH methods.
The response includes a status code (e.g., 200 OK, 404 Not Found, 500 Internal Server Error), response headers, and an optional body containing the requested data or error details.
HTTP versions
HTTP/1.1: The long-standing standard, supporting persistent connections and chunked transfer encoding. Still widely used.
HTTP/2: Introduces binary framing, multiplexing (multiple requests over a single connection), header compression, and server push. Reduces latency for web pages with many resources.
HTTP/3: Built on QUIC (a UDP-based transport protocol) rather than TCP. Eliminates head-of-line blocking and improves performance on unreliable networks.
HTTP in API design
REST APIs are built directly on HTTP, using its methods, status codes, and headers as the core of the API contract. GraphQL APIs typically use HTTP POST requests to a single endpoint. Even gRPC, which uses its own binary protocol, is transported over HTTP/2.
Key HTTP features that matter for API design include content negotiation (Accept and Content-Type headers), caching (Cache-Control, ETag), conditional requests (If-None-Match, If-Modified-Since), and authentication (Authorization header with Bearer tokens or API keys).
HTTP and API gateways
An API gateway operates at the HTTP layer, inspecting incoming requests and making routing, authentication, and policy decisions based on HTTP attributes. The gateway reads the method, path, and headers to determine which backend should handle the request, what authorization is required, and whether CORS headers should be included in the response.
Serverless API Gateway runs on Cloudflare Workers and processes HTTP requests at the edge. It supports path-based routing, JWT authorization via the Authorization header, CORS header management, and variable mapping between request and upstream formats. All configuration is expressed in terms of HTTP methods and paths, making HTTP knowledge essential for defining gateway behavior.
Related documentation
Path Routing - Configure HTTP method and path-based routing
CORS Configuration - Manage HTTP CORS headers
Authorizer Configuration - HTTP Authorization header and JWT verification
Variable Mapping - Map HTTP request components to upstream parameters
Last updated