I have a WFC Data Service using OData v3. Following REST specification I created a method invoked by POST that adds an entity (a Client in this case) using Entity Framework.
Everything works great and adds as expected but the thing is I’m not pretty comfortable passing all the parameters I need using the query string, meaning the “typical” POST is usually application/x-www-form-urlencoded and sends the parameters in the request body instead of the query string. WCF Data Services don’t seem to allow this in a relatively straightforward way.
Are there any major drawback/security issue (besides the obvious size limitation of the query string) using the query string that I should know of? Can I send parameters in the request body and use application/x-www-form-urlencoded without jumping through millions of hoops?
It just doesn’t feel right to use the query string for everything.
The standard way of creating entities using OData is to send a POST to the entity set URL (of the entity set you want the entity to insert into). That POST has the entity in its body either as ATOM or JSON payload. http://www.odata.org/documentation/operations#CreatingnewEntries
Using service operations to create new entities is definitely possible, but it’s not that common. It’s currently not possible to send the parameters to the service operation inside a body (without some serious hacking).