I want to connect in a secure way with an API and I am using cURL to do it using HTTPS and SSL.
Now, I was wondering what is better in terms of security, sending the data through GET or POST:
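// Credentials are passed in the query string (GET)
$url = "https://api.website.com/connect.php?user=xxx&pass=xxxx";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);      // return the response instead of printing it
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);   // verify the server's certificate chain
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);      // certificate must match the host name
$result = curl_exec($ch);
curl_close($ch);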
Or
// Credentials are passed in the request body (POST)
$param['user'] = 'xxxx';
$param['pass'] = 'xxxx';
$url = "https://api.website.com/connect.php";
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $param);     // array defined above
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);      // return the response instead of printing it
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);   // verify the server's certificate chain
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);      // certificate must match the host name
$result = curl_exec($ch);
curl_close($ch);
I also realized that POST is much slower at retrieving the data.
Neither. “GET parameters” are part of the URL which is part of the HTTP request header, “POST parameters” are part of the HTTP request body. Both are part of the same HTTP request, which is all just plain text. There’s no difference in “security”.
Use GET or POST semantically depending on the kind of request, not because of security concerns.
The only thing is that the requested URLs are more likely to appear in log files than the entire request body. But the one logging would be the service you send the data to anyway, so it doesn’t make much of a difference.
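To illustrate the answer above (an added example, not code from the question or the answer): the same credentials are placed in a GET and in a POST request, and the request text and the access-log line a server would typically write from it are printed. The host, path and placeholder values come from the question; the function names, the common-log-style layout, the sample client address and timestamp, and the redaction helper are assumptions.

```php
<?php
// Added illustration: where the same parameters sit in a GET and a POST request.
// Function names and the log layout (common-log style) are assumptions.

function buildRequest(string $method, string $host, string $path, array $params): string
{
    $encoded = http_build_query($params);
    if ($method === 'GET') {
        // Parameters travel in the request line, i.e. in the header section.
        return "GET {$path}?{$encoded} HTTP/1.1\r\nHost: {$host}\r\n\r\n";
    }
    // Parameters travel in the body, after the blank line that ends the headers.
    return "POST {$path} HTTP/1.1\r\nHost: {$host}\r\n"
         . "Content-Type: application/x-www-form-urlencoded\r\n"
         . "Content-Length: " . strlen($encoded) . "\r\n\r\n"
         . $encoded;
}

// Default access-log formats record the request line, not the body.
function accessLogLine(string $rawRequest): string
{
    $requestLine = strtok($rawRequest, "\r\n");
    // Client address and timestamp are constructed sample values.
    return '192.0.2.10 - - [01/Jan/2024:00:00:00 +0000] "' . $requestLine . '" 200 -';
}

// Mask credential values if a URL has to be written to a client-side log.
function redactQuery(string $url, array $secretKeys = ['user', 'pass']): string
{
    $parts = parse_url($url);
    parse_str($parts['query'] ?? '', $query);
    foreach ($secretKeys as $key) {
        if (isset($query[$key])) {
            $query[$key] = 'REDACTED';
        }
    }
    $base = $parts['scheme'] . '://' . $parts['host'] . ($parts['path'] ?? '');
    return $query ? $base . '?' . http_build_query($query) : $base;
}

$params = ['user' => 'xxx', 'pass' => 'xxxx'];   // placeholder values from the question
foreach (['GET', 'POST'] as $method) {
    $raw = buildRequest($method, 'api.website.com', '/connect.php', $params);
    echo "--- {$method} request as carried inside the TLS connection ---\n{$raw}\n";
    echo "access log: " . accessLogLine($raw) . "\n\n";
}
echo redactQuery('https://api.website.com/connect.php?user=xxx&pass=xxxx') . "\n";
```

Both requests carry the credentials as readable text in the same HTTP message; only the GET variant repeats them in the logged request line.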