Question: Why is GET specified as SHOULD be safe

[phatcher]

I can see why you can't guarantee that GET is idempotent, as the resource could change and GET on a collection is likely to be even more volatile, but why does the specification allow it to be not safe?

[dsebastien]

Hello @phatcher!

We mentioned that as a general statement that some methods are supposed to be safe (like GET) while others aren't expected to be (like POST).

In the case of GET indeed, there's really (IMO) no excuse to break the safety and to allow for a GET to have side-effects.

I'll update the doc to make it clearer there ;-)

[phatcher]

@dsebastien Thanks for the quick response, that was my thinking as well - at the very least if you do have to do it, it should go on the project risk/technical debt register :-)