Create Read Update Delete


Create Read Update Delete (CRUD) are typical data operations that could be performed regardless of the protocol.

Create Read Update Delete Originally was applied to SQL Operations.

Create Read Update Delete for SQL and HTTP / REST [1]#

Though HTTP GET and HTTP DELETE coordinate well, HTTP POST, HTTP PUT, and HTTP PATCH aren’t directly synonymous with a single CRUD operation.

For example, HTTP POST doesn’t necessarily only mean “Create”. It’s actually a very versatile method — so versatile that the entire SOAP protocol is tunneled through the HTTP POST method when used with HTTP.

Since HTTP Methods don’t map cleanly to CRUD, Ulsberg argues that API providers should consider how they might describe their APIs in a different way: "Don’t limit yourself to CRUD when you design a REST API. You should read the specification and understand the semantics of each method, and use it properly."

What it comes down to is that REST is an architectural style, not a protocol.

CRUDX Specification#

The CRUDX specification string is similar to the UNIX File System model where each specification is a Bit String-array of length 5 where each element of the array represents the corresponding permission level and can be set to
  • 1 (allowed)
  • 0 (not allowed)
This can be displayed as a 5-character string where each character is either the first letter of the permission level's name (allowed) or a hyphen (not allowed); hyphens can optionally be omitted (e.g. C--DX == CDX. Since the representation is an ordered list, a permission can also be specified as an unsigned, 5-bit integer (e.g. C--DX == 25).
Full PermissionsCRUDX31
Null Permissions-----0
Read Only-R---2
Read & Execute-R--X18
The CRUDX specification proposal could be confusing because the integer values of each permission level do NOT match the UNIX levels; they are not even ordered from least to most dangerous.

More Information#

There might be more information for this subject on one of the following: