
HTTP

Hypertext Transfer Protocol

  • Top-level application protocol that exchanges information between a client computer and a local or remote web server.

HTTP 1.0 / 1.1 / 2.0

| Feature | HTTP 1.0 | HTTP 1.1 | HTTP 2.0 |
|---|---|---|---|
| Persistent | No | Yes | Yes |
| Multiple requests | No, 1 per TCP connection | Yes, head-of-line (HOL) blocking - previous requests block the queue | Binary Framing Layer - parallel streams of data encoded and re-assembled (multiplexing) |
| Handling buffer overflow | No | Yes, state receive window in TCP ACK | Flow control per stream |
| Resource Request | No | Resource Inlining - include the resource directly within the HTML | Server Push - push resource alongside HTML |
| Compression | No | Header not compressed | HPACK to compress headers |

HTTP Method

POST vs PUT vs PATCH

| Method | Operation | Example |
|---|---|---|
| POST | Creates a child resource | Creates new user and generates userid |
| PUT | Creates (If nil) / Replaces the resource with idempotency | Update this user via userid |
| PATCH | Updates part of the resource | Update username of this user via userid |

HTTP Response Codes

1xx Informational Responses

  • Server informs the client that the request is in motion

2xx Successful Responses

  • Announces a successful operation

| Code | Description |
|---|---|
| 200 OK | Success |
| 201 Created | Success. After POST/PUT |

3xx Redirection Responses

  • Appear during redirections and forwardings

| Code | Description |
|---|---|
| 301 Moved Permanently | The URL of the requested resource has been changed permanently. The new URL is given in the response. |
| 302 Found | URI of requested resource has been changed temporarily |
| 304 Not Modified | Cached, response has not been modified |

4xx Client Error Responses

  • The server has received the request, but cannot perform it.

| Code | Description |
|---|---|
| 400 Bad Request | Will not process request due to client error (invalid) |
| 401 Unauthorized | Not authenticated |
| 403 Forbidden | Does not have access rights to the content |
| 404 Not Found | Server cannot find the requested resource |
| 408 Request Timeout | Server would like to shut down this unused connection |

5xx Server Error Responses

  • Server has failed to perform the request.

| Code | Description |
|---|---|
| 500 Internal Server Error | The server has encountered a situation it does not know how to handle |
| 502 Bad Gateway | Server, while working as a gateway to get a response needed to handle the request, got an invalid response |
| 503 Service Unavailable | The server is not ready to handle the request |

HTTP / HTTPS

HTTPS is HTTP + Encryption (TLS / SSL)

TLS / SSL

TLS: Transport Layer Security

SSL: Secure Sockets Layer

SSL has been replaced by TLS

HTTPS Encryption Steps

  1. TLS Handshake
     • Contains information such as the TLS version to support
     • Uses asymmetric keys - two different keys are used on the two ends of the conversation
  2. Certificate Exchange
     • Exchange SSL certificate, containing owner name, domain, public key, digital signature (cipher text signed by CA with private key), validity
     • Client verifies certificate / certificate authority (CA)
     • Verify digital signature by decrypting with the certificate's CA public key
  3. Key Exchange
     • Client creates a session key
     • Client encrypts it with the server's public key and sends it to the server
     • Server receives it and decrypts with its private key
  4. Done!
     • Session key used for both encryption and decryption
     • Uses symmetric key
     • Valid until next session
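
The certificate check, key exchange and symmetric session from the steps above, traced end to end as an added example (not part of the original notes). Textbook RSA with toy-sized keys stands in for the certificate signature and key transport, and a SHA-256 keystream stands in for the session cipher; every name and the `example.test` certificate are constructed for illustration, and this models the flow only, it is not TLS.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent

def rsa_keypair(p, q):
    """Textbook RSA from two primes: returns (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    """SHA-256 of the certificate body, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def keystream_xor(key, data):
    """Symmetric step: XOR with a SHA-256 counter keystream (same call encrypts and decrypts)."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

# Toy-sized keys built from Mersenne primes (constructed; real RSA keys are 2048+ bits).
CA_N, CA_D = rsa_keypair(2**127 - 1, 2**89 - 1)
SRV_N, SRV_D = rsa_keypair(2**107 - 1, 2**61 - 1)

def issue_certificate(owner, domain):
    """CA signs the body (owner, domain, server public key) with its private key."""
    body = f"{owner}|{domain}|{SRV_N}".encode()
    return body, pow(digest(body, CA_N), CA_D, CA_N)

def client_verify(body, signature, expected_domain):
    """Step 2: recover the signed digest with the CA public key, then check the domain."""
    if pow(signature, E, CA_N) != digest(body, CA_N):
        raise ValueError("certificate rejected: bad CA signature")
    _owner, domain, server_n = body.decode().split("|")
    if domain != expected_domain:
        raise ValueError("certificate rejected: domain mismatch")
    return int(server_n)  # server public key taken from the verified certificate

def handshake(domain, body, signature):
    """Steps 2-4: verify the certificate, transport a session key, exchange one message."""
    server_n = client_verify(body, signature, domain)
    session_key = secrets.token_bytes(16)                          # client creates session key
    wrapped = pow(int.from_bytes(session_key, "big"), E, server_n)  # encrypt with server public key
    server_key = pow(wrapped, SRV_D, SRV_N).to_bytes(16, "big")     # server decrypts with private key
    ciphertext = keystream_xor(session_key, b"GET / HTTP/1.1")      # client encrypts request
    return keystream_xor(server_key, ciphertext)                    # server decrypts with same key
```

A certificate whose body was altered after signing, or whose domain differs from the one the client asked for, fails at `client_verify` before any session key is generated.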