File upload API: Multipart/form-data vs. raw contents in body?

9
votes

I noticed there are (at least) two ways of uploading a file to a HTTP server via an API.

You can use multipart/form-data (which is what browsers do natively for file upload HTML inputs), but you can also POST the file content inside the request body (perhaps with the correct Content-Type request header).

What are the pros and cons of each method (in all generality, not from a browser)?

Multipart requests for instance – depending on which http or networking library you use in your programming environment (I use Node.js on the server side and Swift on the client side) – seem to be a bit more complex to create and then parse.

1
httpfile-uploadupload
Check stackoverflow.com/questions/29659154/…vtortola
@vtortola not really an answer to this question. I'm not asking about any client-side networking implementations, just about the http methods.julien_c

1 Answers

16
votes

The only difference on the protocol level is that multipart/form-data requests must adhere to RFC 2388 while a custom typed request body can be arbitrary.

The practical implication from this is that a multipart/form-data request is typically larger: While clients are technically allowed to use a non-7bit content-transfer-encoding, base64 is used by most. The MIME headers generate additional overhead that can become a bottleneck if many small files are uploaded. Note that support for multipart/form-data file uploads in existing clients/libraries is far more widespread. You should always provide it as a fallback if you are not sufficiently certain about the featureset of your clients and intermediate hosts (proxy servers). Especially keep in mind that if you are designing an API for third parties that other developers will already be familiar with multipart/form-data and have libraries at hand to work with that.