New HTTP QUERY method explained

The IETF draft defines a new HTTP method, QUERY, intended solely for data retrieval. Unlike GET, which can carry a request body, QUERY forbids a body and uses the request line to convey the query, allowing servers to treat the request as a safe, idempotent operation. The draft specifies the method’s syntax (e.g., QUERY /resource?filter=… HTTP/1.1) and semantics, and notes that the method can replace POST when complex query parameters are needed. [IETF Draft]

The Kreya blog explains that the QUERY method aims to cut the overhead of encoding parameters in the URL or body. By moving the query into the request line and prohibiting a body, implementations can avoid the extra parsing steps required for POST payloads, which the blog says can shave milliseconds off latency on high‑throughput APIs. [Kreya Blog]

Why it matters

1. It provides a standardized way to express read‑only operations that need richer query semantics than GET without resorting to POST.
2. Because the method is defined as safe and idempotent, caches and intermediaries can treat it like GET, potentially improving cache hit rates. [IETF Draft]
3. The reduced parsing complexity lowers the attack surface: fewer payload formats mean fewer vectors for injection attacks. [Kreya Blog]

Adoption will require server frameworks to add support for the new verb and client libraries to expose it, but the draft offers clear guidance for implementers. Early adopters can experiment in controlled environments to assess performance gains and security benefits.