RFC 9205 - Building Protocols with HTTP

Abstract

Applications often use HTTP as a substrate to create HTTP-based APIs. This document specifies best practices for writing specifications that use HTTP to define new application protocols. It is written primarily to guide IETF efforts to define application protocols using HTTP for deployment on the Internet but might be applicable in other situations.

This document obsoletes RFC 3205.

Status of This Memo

This memo documents an Internet Best Current Practice.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on BCPs is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc9205.

Copyright Notice

Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.

Contents

• 1. Introduction
  • 1.1. Notational Conventions
• 2. Is HTTP Being Used?
  • 2.1. Non-HTTP Protocols
• 3. What's Important About HTTP
  • 3.1. Generic Semantics
  • 3.2. Links
  • 3.3. Rich Functionality
• 4. Best Practices for Specifying the Use of HTTP
  • 4.1. Specifying the Use of HTTP
  • 4.2. Specifying Server Behaviour
  • 4.3. Specifying Client Behaviour
  • 4.4. Specifying URLs
  • 4.5. Using HTTP Methods
  • 4.6. Using HTTP Status Codes
  • 4.7. Specifying HTTP Header Fields
  • 4.8. Defining Message Content
  • 4.9. Leveraging HTTP Caching
  • 4.10. Handling Application State
  • 4.11. Making Multiple Requests
  • 4.12. Client Authentication
  • 4.13. Coexisting with Web Browsing
  • 4.14. Maintaining Application Boundaries
  • 4.15. Using Server Push
  • 4.16. Allowing Versioning and Evolution
• 5. IANA Considerations
• 6. Security Considerations
  • 6.1. Privacy Considerations
• 7. References
  • 7.1. Normative References
  • 7.2. Informative References
• Appendix A. Changes from RFC 3205

Document Information

• RFC: 9205
• Category: Best Current Practice
• Published: June 2022
• Author: M. Nottingham
• Obsoletes: RFC 3205