I am designing a GET request where I need to send a list of product IDs to a filtering API. Should I repeat the key multiple times like ?id=1&id=2, use a comma-separated string like ?ids=1,2,3, or use the bracket notation ?ids[]=1&ids[]=2? I am concerned about how different backend frameworks like Node.js, Spring, or Django handle these formats and which one is considered the most RESTful practice.
3 answers
There isn't one single "official" standard, but the most widely supported method across modern frameworks is repeating the key, such as ?id=1&id=2&id=3. Most backend parsers, like body-parser in Node or the default parameter binders in Java Spring, will automatically detect the duplicate keys and group them into an array. If you are using PHP or Ruby on Rails, the bracket notation ?ids[]=1&ids[]=2 is the preferred convention. However, if your array is exceptionally large, you should avoid query parameters entirely and move the data into the body of a POST request to avoid hitting the URL length limits imposed by browsers and load balancers.
This makes sense for simple IDs, but if my array contains special characters or spaces, do I need to manually URL-encode each element before joining them into the query string?
This makes sense for simple IDs, but if my array contains special characters or spaces, do I need to manually URL-encode each element before joining them into the query string?
Absolutely, James. You must URL-encode any special characters to prevent the browser from misinterpreting the query string. In JavaScript, you should use encodeURIComponent() on each value. If you're building the whole string at once, the URLSearchParams interface is even better because it handles all the encoding and key repetition for you automatically. This prevents bugs where characters like & or # accidentally break your parameter structure and lead to 400 Bad Request errors on your server.