{ "id": "guide/http", "title": "Communicating with backend services using HTTP", "contents": "\n\n\n
\n mode_edit\n
\n\n\n
\n

Communicating with backend services using HTTPlink

\n

Most front-end applications need to communicate with a server over the HTTP protocol, in order to download or upload data and access other back-end services.\nAngular provides a simplified client HTTP API for Angular applications, the HttpClient service class in @angular/common/http.

\n

The HTTP client service offers the following major features.

\n\n
Prerequisiteslink
\n

Before working with the HttpClientModule, you should have a basic understanding of the following:

\n\n

Setup for server communicationlink

\n

Before you can use HttpClient, you need to import the Angular HttpClientModule.\nMost apps do so in the root AppModule.

\n\nimport { NgModule } from '@angular/core';\nimport { BrowserModule } from '@angular/platform-browser';\nimport { HttpClientModule } from '@angular/common/http';\n\n@NgModule({\n imports: [\n BrowserModule,\n // import HttpClientModule after BrowserModule.\n HttpClientModule,\n ],\n declarations: [\n AppComponent,\n ],\n bootstrap: [ AppComponent ]\n})\nexport class AppModule {}\n\n\n

You can then inject the HttpClient service as a dependency of an application class, as shown in the following ConfigService example.

\n\nimport { Injectable } from '@angular/core';\nimport { HttpClient } from '@angular/common/http';\n\n@Injectable()\nexport class ConfigService {\n constructor(private http: HttpClient) { }\n}\n\n\n

The HttpClient service makes use of observables for all transactions. You must import the RxJS observable and operator symbols that appear in the example snippets. These ConfigService imports are typical.

\n\nimport { Observable, throwError } from 'rxjs';\nimport { catchError, retry } from 'rxjs/operators';\n\n\n
\n

You can run the that accompanies this guide.

\n

The sample app does not require a data server.\nIt relies on the\nAngular in-memory-web-api,\nwhich replaces the HttpClient module's HttpBackend.\nThe replacement service simulates the behavior of a REST-like backend.

\n

Look at the AppModule imports to see how it is configured.

\n
\n

Requesting data from a serverlink

\n

Use the HttpClient.get() method to fetch data from a server.\nThe asynchronous method sends an HTTP request, and returns an Observable that emits the requested data when the response is received.\nThe return type varies based on the observe and responseType values that you pass to the call.

\n

The get() method takes two arguments; the endpoint URL from which to fetch, and an options object that you can use to configure the request.

\n\noptions: {\n headers?: HttpHeaders | {[header: string]: string | string[]},\n observe?: 'body' | 'events' | 'response',\n params?: HttpParams|{[param: string]: string | number | boolean | ReadonlyArray<string | number | boolean>},\n reportProgress?: boolean,\n responseType?: 'arraybuffer'|'blob'|'json'|'text',\n withCredentials?: boolean,\n }\n\n

Important options include the observe and responseType properties.

\n\n
\n

You can use the options object to configure various other aspects of an outgoing request.\nIn Adding headers, for example, the service set the default headers using the headers option property.

\n

Use the params property to configure a request with HTTP URL parameters, and the reportProgress option to listen for progress events when transferring large amounts of data.

\n
\n

Applications often request JSON data from a server.\nIn the ConfigService example, the app needs a configuration file on the server, config.json,\nthat specifies resource URLs.

\n\n{\n \"heroesUrl\": \"api/heroes\",\n \"textfile\": \"assets/textfile.txt\",\n \"date\": \"2020-01-29\"\n}\n\n\n\n

To fetch this kind of data, the get() call needs the following options: {observe: 'body', responseType: 'json'}.\nThese are the default values for those options, so the following examples do not pass the options object.\nLater sections show some of the additional option possibilities.

\n\n

The example conforms to the best practices for creating scalable solutions by defining a re-usable injectable service to perform the data-handling functionality.\nIn addition to fetching data, the service can post-process the data, add error handling, and add retry logic.

\n

The ConfigService fetches this file using the HttpClient.get() method.

\n\nconfigUrl = 'assets/config.json';\n\ngetConfig() {\n return this.http.get(this.configUrl);\n}\n\n\n

The ConfigComponent injects the ConfigService and calls\nthe getConfig service method.

\n

Because the service method returns an Observable of configuration data,\nthe component subscribes to the method's return value.\nThe subscription callback performs minimal post-processing.\nIt copies the data fields into the component's config object, which is data-bound in the component template for display.

\n\nshowConfig() {\n this.configService.getConfig()\n .subscribe((data: Config) => this.config = {\n heroesUrl: data.heroesUrl,\n textfile: data.textfile,\n date: data.date,\n });\n}\n\n\n\n

Requesting a typed responselink

\n

You can structure your HttpClient request to declare the type of the response object, to make consuming the output easier and more obvious.\nSpecifying the response type acts as a type assertion at compile time.

\n
\n

Specifying the response type is a declaration to TypeScript that it should treat your response as being of the given type.\nThis is a build-time check and doesn't guarantee that the server will actually respond with an object of this type. It is up to the server to ensure that the type specified by the server API is returned.

\n
\n

To specify the response object type, first define an interface with the required properties.\nUse an interface rather than a class, because the response is a plain object that cannot be automatically converted to an instance of a class.

\n\nexport interface Config {\n heroesUrl: string;\n textfile: string;\n date: any;\n}\n\n\n

Next, specify that interface as the HttpClient.get() call's type parameter in the service.

\n\ngetConfig() {\n // now returns an Observable of Config\n return this.http.get<Config>(this.configUrl);\n}\n\n\n
\n

When you pass an interface as a type parameter to the HttpClient.get() method, you can use the RxJS map operator to transform the response data as needed by the UI. You can then pass the transformed data to the async pipe.

\n
\n

The callback in the updated component method receives a typed data object, which is\neasier and safer to consume:

\n\nconfig: Config;\n\nshowConfig() {\n this.configService.getConfig()\n // clone the data object, using its known Config shape\n .subscribe((data: Config) => this.config = { ...data });\n}\n\n\n

To access properties that are defined in an interface, you must explicitly convert the plain object you get from the JSON to the required response type.\nFor example, the following subscribe callback receives data as an Object, and then type-casts it in order to access the properties.

\n\n .subscribe(data => this.config = {\n heroesUrl: (data as any).heroesUrl,\n textfile: (data as any).textfile,\n });\n\n\n
\n
*observe* and *response* types
\n

The types of the observe and response options are string unions, rather than plain strings.

\n\noptions: {\n ...\n observe?: 'body' | 'events' | 'response',\n ...\n responseType?: 'arraybuffer'|'blob'|'json'|'text',\n ...\n }\n\n

This can cause confusion. For example:

\n\n// this works\nclient.get('/foo', {responseType: 'text'})\n\n// but this does NOT work\nconst options = {\n responseType: 'text',\n};\nclient.get('/foo', options)\n\n

In the second case, TypeScript infers the type of options to be {responseType: string}.\nThe type is too wide to pass to HttpClient.get which is expecting the type of responseType to be one of the specific strings.\nHttpClient is typed explicitly this way so that the compiler can report the correct return type based on the options you provided.

\n

Use as const to let TypeScript know that you really do mean to use a constant string type:

\n\nconst options = {\n responseType: 'text' as const,\n};\nclient.get('/foo', options);\n\n
\n

Reading the full responselink

\n

In the previous example, the call to HttpClient.get() did not specify any options. By default, it returned the JSON data contained in the response body.

\n

You might need more information about the transaction than is contained in the response body. Sometimes servers return special headers or status codes to indicate certain conditions that are important to the application workflow.

\n

Tell HttpClient that you want the full response with the observe option of the get() method:

\n\ngetConfigResponse(): Observable<HttpResponse<Config>> {\n return this.http.get<Config>(\n this.configUrl, { observe: 'response' });\n}\n\n\n

Now HttpClient.get() returns an Observable of type HttpResponse rather than just the JSON data contained in the body.

\n

The component's showConfigResponse() method displays the response headers as well as the configuration:

\n\nshowConfigResponse() {\n this.configService.getConfigResponse()\n // resp is of type `HttpResponse<Config>`\n .subscribe(resp => {\n // display its headers\n const keys = resp.headers.keys();\n this.headers = keys.map(key =>\n `${key}: ${resp.headers.get(key)}`);\n\n // access the body directly, which is typed as `Config`.\n this.config = { ... resp.body };\n });\n}\n\n\n

As you can see, the response object has a body property of the correct type.

\n

Making a JSONP requestlink

\n

Apps can use the HttpClient to make JSONP requests across domains when a server doesn't support CORS protocol.

\n

Angular JSONP requests return an Observable.\nFollow the pattern for subscribing to observables and use the RxJS map operator to transform the response before using the async pipe to manage the results.

\n

In Angular, use JSONP by including HttpClientJsonpModule in the NgModule imports.\nIn the following example, the searchHeroes() method uses a JSONP request to query for heroes whose names contain the search term.

\n\n/* GET heroes whose name contains search term */\nsearchHeroes(term: string): Observable {\n term = term.trim();\n\n const heroesURL = `${this.heroesURL}?${term}`;\n return this.http.jsonp(heroesUrl, 'callback').pipe(\n catchError(this.handleError('searchHeroes', [])) // then handle the error\n );\n}\n\n

This request passes the heroesURL as the first parameter and the callback function name as the second parameter.\nThe response is wrapped in the callback function, which takes the observables returned by the JSONP method and pipes them through to the error handler.

\n

Requesting non-JSON datalink

\n

Not all APIs return JSON data.\nIn this next example, a DownloaderService method reads a text file from the server and logs the file contents, before returning those contents to the caller as an Observable<string>.

\n\ngetTextFile(filename: string) {\n // The Observable returned by get() is of type Observable<string>\n // because a text response was specified.\n // There's no need to pass a <string> type parameter to get().\n return this.http.get(filename, {responseType: 'text'})\n .pipe(\n tap( // Log the result or error\n data => this.log(filename, data),\n error => this.logError(filename, error)\n )\n );\n}\n\n\n

HttpClient.get() returns a string rather than the default JSON because of the responseType option.

\n

The RxJS tap operator (as in \"wiretap\") lets the code inspect both success and error values passing through the observable without disturbing them.

\n

A download() method in the DownloaderComponent initiates the request by subscribing to the service method.

\n\ndownload() {\n this.downloaderService.getTextFile('assets/textfile.txt')\n .subscribe(results => this.contents = results);\n}\n\n\n\n

Handling request errorslink

\n

If the request fails on the server, HttpClient returns an error object instead of a successful response.

\n

The same service that performs your server transactions should also perform error inspection, interpretation, and resolution.

\n

When an error occurs, you can obtain details of what failed in order to inform your user. In some cases, you might also automatically retry the request.

\n\n

Getting error detailslink

\n

An app should give the user useful feedback when data access fails.\nA raw error object is not particularly useful as feedback.\nIn addition to detecting that an error has occurred, you need to get error details and use those details to compose a user-friendly response.

\n

Two types of errors can occur.

\n\n

HttpClient captures both kinds of errors in its HttpErrorResponse. You can inspect that response to identify the error's cause.

\n

The following example defines an error handler in the previously defined ConfigService.

\n\nprivate handleError(error: HttpErrorResponse) {\n if (error.error instanceof ErrorEvent) {\n // A client-side or network error occurred. Handle it accordingly.\n console.error('An error occurred:', error.error.message);\n } else {\n // The backend returned an unsuccessful response code.\n // The response body may contain clues as to what went wrong.\n console.error(\n `Backend returned code ${error.status}, ` +\n `body was: ${error.error}`);\n }\n // Return an observable with a user-facing error message.\n return throwError(\n 'Something bad happened; please try again later.');\n}\n\n\n

The handler returns an RxJS ErrorObservable with a user-friendly error message.\nThe following code updates the getConfig() method, using a pipe to send all observables returned by the HttpClient.get() call to the error handler.

\n\ngetConfig() {\n return this.http.get<Config>(this.configUrl)\n .pipe(\n catchError(this.handleError)\n );\n}\n\n\n\n

Retrying a failed requestlink

\n

Sometimes the error is transient and goes away automatically if you try again.\nFor example, network interruptions are common in mobile scenarios, and trying again\ncan produce a successful result.

\n

The RxJS library offers several retry operators.\nFor example, the retry() operator automatically re-subscribes to a failed Observable a specified number of times. Re-subscribing to the result of an HttpClient method call has the effect of reissuing the HTTP request.

\n

The following example shows how you can pipe a failed request to the retry() operator before passing it to the error handler.

\n\ngetConfig() {\n return this.http.get<Config>(this.configUrl)\n .pipe(\n retry(3), // retry a failed request up to 3 times\n catchError(this.handleError) // then handle the error\n );\n}\n\n\n

Sending data to a serverlink

\n

In addition to fetching data from a server, HttpClient supports other HTTP methods such as PUT, POST, and DELETE, which you can use to modify the remote data.

\n

The sample app for this guide includes a simplified version of the \"Tour of Heroes\" example\nthat fetches heroes and enables users to add, delete, and update them.\nThe following sections show examples of the data-update methods from the sample's HeroesService.

\n

Making a POST requestlink

\n

Apps often send data to a server with a POST request when submitting a form.\nIn the following example, the HeroesService makes an HTTP POST request when adding a hero to the database.

\n\n/** POST: add a new hero to the database */\naddHero(hero: Hero): Observable<Hero> {\n return this.http.post<Hero>(this.heroesUrl, hero, httpOptions)\n .pipe(\n catchError(this.handleError('addHero', hero))\n );\n}\n\n\n

The HttpClient.post() method is similar to get() in that it has a type parameter, which you can use to specify that you expect the server to return data of a given type. The method takes a resource URL and two additional parameters:

\n\n

The example catches errors as described above.

\n

The HeroesComponent initiates the actual POST operation by subscribing to\nthe Observable returned by this service method.

\n\nthis.heroesService\n .addHero(newHero)\n .subscribe(hero => this.heroes.push(hero));\n\n\n

When the server responds successfully with the newly added hero, the component adds\nthat hero to the displayed heroes list.

\n

Making a DELETE requestlink

\n

This application deletes a hero with the HttpClient.delete method by passing the hero's id\nin the request URL.

\n\n/** DELETE: delete the hero from the server */\ndeleteHero(id: number): Observable<{}> {\n const url = `${this.heroesUrl}/${id}`; // DELETE api/heroes/42\n return this.http.delete(url, httpOptions)\n .pipe(\n catchError(this.handleError('deleteHero'))\n );\n}\n\n\n

The HeroesComponent initiates the actual DELETE operation by subscribing to\nthe Observable returned by this service method.

\n\nthis.heroesService\n .deleteHero(hero.id)\n .subscribe();\n\n\n

The component isn't expecting a result from the delete operation, so it subscribes without a callback. Even though you are not using the result, you still have to subscribe. Calling the subscribe() method executes the observable, which is what initiates the DELETE request.

\n
\n

You must call subscribe() or nothing happens. Just calling HeroesService.deleteHero() does not initiate the DELETE request.

\n
\n\n// oops ... subscribe() is missing so nothing happens\nthis.heroesService.deleteHero(hero.id);\n\n\n\n

Always subscribe!

\n

An HttpClient method does not begin its HTTP request until you call subscribe() on the observable returned by that method. This is true for all HttpClient methods.

\n
\n

The AsyncPipe subscribes (and unsubscribes) for you automatically.

\n
\n

All observables returned from HttpClient methods are cold by design.\nExecution of the HTTP request is deferred, allowing you to extend the\nobservable with additional operations such as tap and catchError before anything actually happens.

\n

Calling subscribe(...) triggers execution of the observable and causes\nHttpClient to compose and send the HTTP request to the server.

\n

You can think of these observables as blueprints for actual HTTP requests.

\n
\n

In fact, each subscribe() initiates a separate, independent execution of the observable.\nSubscribing twice results in two HTTP requests.

\n\nconst req = http.get<Heroes>('/api/heroes');\n// 0 requests made - .subscribe() not called.\nreq.subscribe();\n// 1 request made.\nreq.subscribe();\n// 2 requests made.\n\n
\n

Making a PUT requestlink

\n

An app can send PUT requests using the HTTP client service.\nThe following HeroesService example, like the POST example, replaces a resource with updated data.

\n\n/** PUT: update the hero on the server. Returns the updated hero upon success. */\nupdateHero(hero: Hero): Observable<Hero> {\n return this.http.put<Hero>(this.heroesUrl, hero, httpOptions)\n .pipe(\n catchError(this.handleError('updateHero', hero))\n );\n}\n\n\n

As for any of the HTTP methods that return an observable, the caller, HeroesComponent.update() must subscribe() to the observable returned from the HttpClient.put() in order to initiate the request.

\n

Adding and updating headerslink

\n

Many servers require extra headers for save operations.\nFor example, a server might require an authorization token, or \"Content-Type\" header to explicitly declare the MIME type of the request body.

\n
Adding headerslink
\n

The HeroesService defines such headers in an httpOptions object that are passed\nto every HttpClient save method.

\n\nimport { HttpHeaders } from '@angular/common/http';\n\nconst httpOptions = {\n headers: new HttpHeaders({\n 'Content-Type': 'application/json',\n Authorization: 'my-auth-token'\n })\n};\n\n\n
Updating headerslink
\n

You can't directly modify the existing headers within the previous options\nobject because instances of the HttpHeaders class are immutable.\nUse the set() method instead, to return a clone of the current instance with the new changes applied.

\n

The following example shows how, when an old token has expired, you can update the authorization header before making the next request.

\n\nhttpOptions.headers =\n httpOptions.headers.set('Authorization', 'my-new-auth-token');\n\n\n\n

Configuring HTTP URL parameterslink

\n

Use the HttpParams class with the params request option to add URL query strings in your HttpRequest.

\n

The following example, the searchHeroes() method queries for heroes whose names contain the search term.

\n

Start by importing HttpParams class.

\n\nimport {HttpParams} from \"@angular/common/http\";\n\n\n/* GET heroes whose name contains search term */\nsearchHeroes(term: string): Observable<Hero[]> {\n term = term.trim();\n\n // Add safe, URL encoded search parameter if there is a search term\n const options = term ?\n { params: new HttpParams().set('name', term) } : {};\n\n return this.http.get<Hero[]>(this.heroesUrl, options)\n .pipe(\n catchError(this.handleError<Hero[]>('searchHeroes', []))\n );\n}\n\n\n

If there is a search term, the code constructs an options object with an HTML URL-encoded search parameter.\nIf the term is \"cat\", for example, the GET request URL would be api/heroes?name=cat.

\n

The HttpParams object is immutable. If you need to update the options, save the returned value of the .set() method.

\n

You can also create HTTP parameters directly from a query string by using the fromString variable:

\n\nconst params = new HttpParams({fromString: 'name=foo'});\n\n\n

Intercepting requests and responseslink

\n

With interception, you declare interceptors that inspect and transform HTTP requests from your application to a server.\nThe same interceptors can also inspect and transform a server's responses on their way back to the application.\nMultiple interceptors form a forward-and-backward chain of request/response handlers.

\n

Interceptors can perform a variety of implicit tasks, from authentication to logging, in a routine, standard way, for every HTTP request/response.

\n

Without interception, developers would have to implement these tasks explicitly\nfor each HttpClient method call.

\n

Write an interceptorlink

\n

To implement an interceptor, declare a class that implements the intercept() method of the HttpInterceptor interface.

\n

Here is a do-nothing noop interceptor that simply passes the request through without touching it:\n\nimport { Injectable } from '@angular/core';\nimport {\n HttpEvent, HttpInterceptor, HttpHandler, HttpRequest\n} from '@angular/common/http';\n\nimport { Observable } from 'rxjs';\n\n/** Pass untouched request through to the next request handler. */\n@Injectable()\nexport class NoopInterceptor implements HttpInterceptor {\n\n intercept(req: HttpRequest<any>, next: HttpHandler):\n Observable<HttpEvent<any>> {\n return next.handle(req);\n }\n}\n\n\n

\n

The intercept method transforms a request into an Observable that eventually returns the HTTP response.\nIn this sense, each interceptor is fully capable of handling the request entirely by itself.

\n

Most interceptors inspect the request on the way in and forward the (perhaps altered) request to the handle() method of the next object which implements the HttpHandler interface.

\n\nexport abstract class HttpHandler {\n abstract handle(req: HttpRequest<any>): Observable<HttpEvent<any>>;\n}\n\n

Like intercept(), the handle() method transforms an HTTP request into an Observable of HttpEvents which ultimately include the server's response. The intercept() method could inspect that observable and alter it before returning it to the caller.

\n

This no-op interceptor simply calls next.handle() with the original request and returns the observable without doing a thing.

\n

The next objectlink

\n

The next object represents the next interceptor in the chain of interceptors.\nThe final next in the chain is the HttpClient backend handler that sends the request to the server and receives the server's response.

\n

Most interceptors call next.handle() so that the request flows through to the next interceptor and, eventually, the backend handler.\nAn interceptor could skip calling next.handle(), short-circuit the chain, and return its own Observable with an artificial server response.

\n

This is a common middleware pattern found in frameworks such as Express.js.

\n

Provide the interceptorlink

\n

The NoopInterceptor is a service managed by Angular's dependency injection (DI) system.\nLike other services, you must provide the interceptor class before the app can use it.

\n

Because interceptors are (optional) dependencies of the HttpClient service,\nyou must provide them in the same injector (or a parent of the injector) that provides HttpClient.\nInterceptors provided after DI creates the HttpClient are ignored.

\n

This app provides HttpClient in the app's root injector, as a side-effect of importing the HttpClientModule in AppModule.\nYou should provide interceptors in AppModule as well.

\n

After importing the HTTP_INTERCEPTORS injection token from @angular/common/http,\nwrite the NoopInterceptor provider like this:

\n\n{ provide: HTTP_INTERCEPTORS, useClass: NoopInterceptor, multi: true },\n\n\n

Note the multi: true option.\nThis required setting tells Angular that HTTP_INTERCEPTORS is a token for a multiprovider\nthat injects an array of values, rather than a single value.

\n

You could add this provider directly to the providers array of the AppModule.\nHowever, it's rather verbose and there's a good chance that\nyou'll create more interceptors and provide them in the same way.\nYou must also pay close attention to the order\nin which you provide these interceptors.

\n

Consider creating a \"barrel\" file that gathers all the interceptor providers into an httpInterceptorProviders array, starting with this first one, the NoopInterceptor.

\n\n/* \"Barrel\" of Http Interceptors */\nimport { HTTP_INTERCEPTORS } from '@angular/common/http';\n\nimport { NoopInterceptor } from './noop-interceptor';\n\n/** Http interceptor providers in outside-in order */\nexport const httpInterceptorProviders = [\n { provide: HTTP_INTERCEPTORS, useClass: NoopInterceptor, multi: true },\n];\n\n\n

Then import and add it to the AppModule providers array like this:

\n\nproviders: [\n httpInterceptorProviders\n],\n\n\n

As you create new interceptors, add them to the httpInterceptorProviders array and\nyou won't have to revisit the AppModule.

\n
\n

There are many more interceptors in the complete sample code.

\n
\n

Interceptor orderlink

\n

Angular applies interceptors in the order that you provide them.\nFor example, consider a situation in which you want to handle the authentication of your HTTP requests and log them before sending them to a server. To accomplish this task, you could provide an AuthInterceptor service and then a LoggingInterceptor service.\nOutgoing requests would flow from the AuthInterceptor to the LoggingInterceptor.\nResponses from these requests would flow in the other direction, from LoggingInterceptor back to AuthInterceptor.\nThe following is a visual representation of the process:

\n
\n \"Interceptor\n
\n
\n

The last interceptor in the process is always the HttpBackend that handles communication with the server.

\n
\n

You cannot change the order or remove interceptors later.\nIf you need to enable and disable an interceptor dynamically, you'll have to build that capability into the interceptor itself.

\n\n

Handling interceptor eventslink

\n

Most HttpClient methods return observables of HttpResponse<any>.\nThe HttpResponse class itself is actually an event, whose type is HttpEventType.Response.\nA single HTTP request can, however, generate multiple events of other types, including upload and download progress events.\nThe methods HttpInterceptor.intercept() and HttpHandler.handle() return observables of HttpEvent<any>.

\n

Many interceptors are only concerned with the outgoing request and return the event stream from next.handle() without modifying it.\nSome interceptors, however, need to examine and modify the response from next.handle(); these operations can see all of these events in the stream.

\n\n

Although interceptors are capable of modifying requests and responses,\nthe HttpRequest and HttpResponse instance properties are readonly,\nrendering them largely immutable.\nThey are immutable for a good reason: an app might retry a request several times before it succeeds, which means that the interceptor chain can re-process the same request multiple times.\nIf an interceptor could modify the original request object, the re-tried operation would start from the modified request rather than the original. Immutability ensures that interceptors see the same request for each try.

\n
\n

Your interceptor should return every event without modification unless it has a compelling reason to do otherwise.

\n
\n

TypeScript prevents you from setting HttpRequest read-only properties.

\n\n // Typescript disallows the following assignment because req.url is readonly\n req.url = req.url.replace('http://', 'https://');\n\n

If you must alter a request, clone it first and modify the clone before passing it to next.handle().\nYou can clone and modify the request in a single step, as shown in the following example.

\n\n// clone request and replace 'http://' with 'https://' at the same time\nconst secureReq = req.clone({\n url: req.url.replace('http://', 'https://')\n});\n// send the cloned, \"secure\" request to the next handler.\nreturn next.handle(secureReq);\n\n\n

The clone() method's hash argument allows you to mutate specific properties of the request while copying the others.

\n

Modifying a request bodylink

\n

The readonly assignment guard can't prevent deep updates and, in particular,\nit can't prevent you from modifying a property of a request body object.

\n\n req.body.name = req.body.name.trim(); // bad idea!\n\n

If you must modify the request body, follow these steps.

\n
    \n
  1. Copy the body and make your change in the copy.
    2. \n
  2. Clone the request object, using its clone() method.
    3. \n
  3. Replace the clone's body with the modified copy.
    4. \n
\n\n// copy the body and trim whitespace from the name property\nconst newBody = { ...body, name: body.name.trim() };\n// clone request and set its body\nconst newReq = req.clone({ body: newBody });\n// send the cloned request to the next handler.\nreturn next.handle(newReq);\n\n\n

Clearing the request body in a clonelink

\n

Sometimes you need to clear the request body rather than replace it.\nTo do this, set the cloned request body to null.

\n
\n

Tip: If you set the cloned request body to undefined, Angular assumes you intend to leave the body as is.

\n
\n\n newReq = req.clone({ ... }); // body not mentioned => preserve original body\n newReq = req.clone({ body: undefined }); // preserve original body\n newReq = req.clone({ body: null }); // clear the body\n\n

Http interceptor use-caseslink

\n

Below are a number of common uses for interceptors.

\n

Setting default headerslink

\n

Apps often use an interceptor to set default headers on outgoing requests.

\n

The sample app has an AuthService that produces an authorization token.\nHere is its AuthInterceptor that injects that service to get the token and\nadds an authorization header with that token to every outgoing request:

\n\nimport { AuthService } from '../auth.service';\n\n@Injectable()\nexport class AuthInterceptor implements HttpInterceptor {\n\n constructor(private auth: AuthService) {}\n\n intercept(req: HttpRequest<any>, next: HttpHandler) {\n // Get the auth token from the service.\n const authToken = this.auth.getAuthorizationToken();\n\n // Clone the request and replace the original headers with\n // cloned headers, updated with the authorization.\n const authReq = req.clone({\n headers: req.headers.set('Authorization', authToken)\n });\n\n // send cloned request with header to the next handler.\n return next.handle(authReq);\n }\n}\n\n\n

The practice of cloning a request to set new headers is so common that\nthere's a setHeaders shortcut for it:

\n\n// Clone the request and set the new header in one step.\nconst authReq = req.clone({ setHeaders: { Authorization: authToken } });\n\n\n

An interceptor that alters headers can be used for a number of different operations, including:

\n\n

Logging request and response pairslink

\n

Because interceptors can process the request and response together, they can perform tasks such as timing and logging an entire HTTP operation.

\n

Consider the following LoggingInterceptor, which captures the time of the request,\nthe time of the response, and logs the outcome with the elapsed time\nwith the injected MessageService.

\n\nimport { finalize, tap } from 'rxjs/operators';\nimport { MessageService } from '../message.service';\n\n@Injectable()\nexport class LoggingInterceptor implements HttpInterceptor {\n constructor(private messenger: MessageService) {}\n\n intercept(req: HttpRequest<any>, next: HttpHandler) {\n const started = Date.now();\n let ok: string;\n\n // extend server response observable with logging\n return next.handle(req)\n .pipe(\n tap(\n // Succeeds when there is a response; ignore other events\n event => ok = event instanceof HttpResponse ? 'succeeded' : '',\n // Operation failed; error is an HttpErrorResponse\n error => ok = 'failed'\n ),\n // Log when response observable either completes or errors\n finalize(() => {\n const elapsed = Date.now() - started;\n const msg = `${req.method} \"${req.urlWithParams}\"\n ${ok} in ${elapsed} ms.`;\n this.messenger.add(msg);\n })\n );\n }\n}\n\n\n

The RxJS tap operator captures whether the request succeeded or failed.\nThe RxJS finalize operator is called when the response observable either errors or completes (which it must),\nand reports the outcome to the MessageService.

\n

Neither tap nor finalize touch the values of the observable stream returned to the caller.

\n\n

Custom JSON parsinglink

\n

Interceptors can be used to replace the built-in JSON parsing with a custom implementation.

\n

The CustomJsonInterceptor in the following example demonstrates how to achieve this.\nIf the intercepted request expects a 'json' response, the reponseType is changed to 'text'\nto disable the built-in JSON parsing. Then the response is parsed via the injected JsonParser.

\n\n// The JsonParser class acts as a base class for custom parsers and as the DI token.\n@Injectable()\nexport abstract class JsonParser {\n abstract parse(text: string): any;\n}\n\n@Injectable()\nexport class CustomJsonInterceptor implements HttpInterceptor {\n constructor(private jsonParser: JsonParser) {}\n\n intercept(httpRequest: HttpRequest<any>, next: HttpHandler) {\n if (httpRequest.responseType === 'json') {\n // If the expected response type is JSON then handle it here.\n return this.handleJsonResponse(httpRequest, next);\n } else {\n return next.handle(httpRequest);\n }\n }\n\n private handleJsonResponse(httpRequest: HttpRequest<any>, next: HttpHandler) {\n // Override the responseType to disable the default JSON parsing.\n httpRequest = httpRequest.clone({responseType: 'text'});\n // Handle the response using the custom parser.\n return next.handle(httpRequest).pipe(map(event => this.parseJsonResponse(event)));\n }\n\n private parseJsonResponse(event: HttpEvent<any>) {\n if (event instanceof HttpResponse && typeof event.body === 'string') {\n return event.clone({body: this.jsonParser.parse(event.body)});\n } else {\n return event;\n }\n }\n}\n\n\n

You can then implement your own custom JsonParser.\nHere is a custom JsonParser that has a special date reviver.

\n\n@Injectable()\nexport class CustomJsonParser implements JsonParser {\n parse(text: string): any {\n return JSON.parse(text, dateReviver);\n }\n}\n\nfunction dateReviver(key: string, value: any) {\n/* . . . */\n}\n\n\n

You provide the CustomParser along with the CustomJsonInterceptor.

\n\n{ provide: HTTP_INTERCEPTORS, useClass: CustomJsonInterceptor, multi: true },\n{ provide: JsonParser, useClass: CustomJsonParser },\n\n\n\n

Caching requestslink

\n

Interceptors can handle requests by themselves, without forwarding to next.handle().

\n

For example, you might decide to cache certain requests and responses to improve performance.\nYou can delegate caching to an interceptor without disturbing your existing data services.

\n

The CachingInterceptor in the following example demonstrates this approach.

\n\n@Injectable()\nexport class CachingInterceptor implements HttpInterceptor {\n constructor(private cache: RequestCache) {}\n\n intercept(req: HttpRequest<any>, next: HttpHandler) {\n // continue if not cacheable.\n if (!isCacheable(req)) { return next.handle(req); }\n\n const cachedResponse = this.cache.get(req);\n return cachedResponse ?\n of(cachedResponse) : sendRequest(req, next, this.cache);\n }\n}\n\n\n\n\n\n/**\n * Get server response observable by sending request to `next()`.\n * Will add the response to the cache on the way out.\n */\nfunction sendRequest(\n req: HttpRequest<any>,\n next: HttpHandler,\n cache: RequestCache): Observable<HttpEvent<any>> {\n\n // No headers allowed in npm search request\n const noHeaderReq = req.clone({ headers: new HttpHeaders() });\n\n return next.handle(noHeaderReq).pipe(\n tap(event => {\n // There may be other events besides the response.\n if (event instanceof HttpResponse) {\n cache.put(req, event); // Update the cache.\n }\n })\n );\n}\n\n\n

Note how sendRequest() intercepts the response on its way back to the application.\nThis method pipes the response through the tap() operator, whose callback adds the response to the cache.

\n

The original response continues untouched back up through the chain of interceptors\nto the application caller.

\n

Data services, such as PackageSearchService, are unaware that\nsome of their HttpClient requests actually return cached responses.

\n\n

Using interceptors to request multiple valueslink

\n

The HttpClient.get() method normally returns an observable that emits a single value, either the data or an error.\nAn interceptor can change this to an observable that emits multiple values.

\n

The following revised version of the CachingInterceptor optionally returns an observable that\nimmediately emits the cached response, sends the request on to the npm web API,\nand emits again later with the updated search results.

\n\n// cache-then-refresh\nif (req.headers.get('x-refresh')) {\n const results$ = sendRequest(req, next, this.cache);\n return cachedResponse ?\n results$.pipe( startWith(cachedResponse) ) :\n results$;\n}\n// cache-or-fetch\nreturn cachedResponse ?\n of(cachedResponse) : sendRequest(req, next, this.cache);\n\n\n
\n

The cache-then-refresh option is triggered by the presence of a custom x-refresh header.

\n

A checkbox on the PackageSearchComponent toggles a withRefresh flag,\nwhich is one of the arguments to PackageSearchService.search().\nThat search() method creates the custom x-refresh header\nand adds it to the request before calling HttpClient.get().

\n
\n

The revised CachingInterceptor sets up a server request\nwhether there's a cached value or not,\nusing the same sendRequest() method described above.\nThe results$ observable makes the request when subscribed.

\n\n\n

Tracking and showing request progresslink

\n

Sometimes applications transfer large amounts of data and those transfers can take a long time.\nFile uploads are a typical example.\nYou can give the users a better experience by providing feedback on the progress of such transfers.

\n

To make a request with progress events enabled, you can create an instance of HttpRequest\nwith the reportProgress option set true to enable tracking of progress events.

\n\nconst req = new HttpRequest('POST', '/upload/file', file, {\n reportProgress: true\n});\n\n\n
\n

Tip: Every progress event triggers change detection, so only turn them on if you need to report progress in the UI.

\n

When using HttpClient.request() with an HTTP method, configure the method with\nobserve: 'events' to see all events, including the progress of transfers.

\n
\n

Next, pass this request object to the HttpClient.request() method, which\nreturns an Observable of HttpEvents (the same events processed by interceptors).

\n\n// The `HttpClient.request` API produces a raw event stream\n// which includes start (sent), progress, and response events.\nreturn this.http.request(req).pipe(\n map(event => this.getEventMessage(event, file)),\n tap(message => this.showProgress(message)),\n last(), // return last (completed) message to caller\n catchError(this.handleError(file))\n);\n\n\n

The getEventMessage method interprets each type of HttpEvent in the event stream.

\n\n/** Return distinct message for sent, upload progress, & response events */\nprivate getEventMessage(event: HttpEvent<any>, file: File) {\n switch (event.type) {\n case HttpEventType.Sent:\n return `Uploading file \"${file.name}\" of size ${file.size}.`;\n\n case HttpEventType.UploadProgress:\n // Compute and show the % done:\n const percentDone = Math.round(100 * event.loaded / event.total);\n return `File \"${file.name}\" is ${percentDone}% uploaded.`;\n\n case HttpEventType.Response:\n return `File \"${file.name}\" was completely uploaded!`;\n\n default:\n return `File \"${file.name}\" surprising upload event: ${event.type}.`;\n }\n}\n\n\n
\n

The sample app for this guide doesn't have a server that accepts uploaded files.\nThe UploadInterceptor in app/http-interceptors/upload-interceptor.ts\nintercepts and short-circuits upload requests\nby returning an observable of simulated events.

\n
\n

Optimizing server interaction with debouncinglink

\n

If you need to make an HTTP request in response to user input, it's not efficient to send a request for every keystroke.\nIt's better to wait until the user stops typing and then send a request.\nThis technique is known as debouncing.

\n

Consider the following template, which lets a user enter a search term to find an npm package by name.\nWhen the user enters a name in a search-box, the PackageSearchComponent sends\na search request for a package with that name to the npm web API.

\n\n<input (keyup)=\"search(getValue($event.target))\" id=\"name\" placeholder=\"Search\"/>\n\n<ul>\n <li *ngFor=\"let package of packages$ | async\">\n <b>{{package.name}} v.{{package.version}}</b> -\n <i>{{package.description}}</i>\n </li>\n</ul>\n\n\n

Here, the keyup event binding sends every keystroke to the component's search() method.

\n
\n

The type of $event.target is only EventTarget in the template.\nIn the getValue() method, the target is cast to an HTMLInputElement to allow type-safe access to its value property.

\n\ngetValue(target: EventTarget): string {\n return (target as HTMLInputElement).value;\n}\n\n\n
\n

The following snippet implements debouncing for this input using RxJS operators.

\n\nwithRefresh = false;\npackages$: Observable<NpmPackageInfo[]>;\nprivate searchText$ = new Subject<string>();\n\nsearch(packageName: string) {\n this.searchText$.next(packageName);\n}\n\nngOnInit() {\n this.packages$ = this.searchText$.pipe(\n debounceTime(500),\n distinctUntilChanged(),\n switchMap(packageName =>\n this.searchService.search(packageName, this.withRefresh))\n );\n}\n\nconstructor(private searchService: PackageSearchService) { }\n\n\n\n

The searchText$ is the sequence of search-box values coming from the user.\nIt's defined as an RxJS Subject, which means it is a multicasting Observable\nthat can also emit values for itself by calling next(value),\nas happens in the search() method.

\n

Rather than forward every searchText value directly to the injected PackageSearchService,\nthe code in ngOnInit() pipes search values through three operators, so that a search value reaches the service only if it's a new value and the user has stopped typing.

\n\n

The code sets packages$ to this re-composed Observable of search results.\nThe template subscribes to packages$ with the AsyncPipe\nand displays search results as they arrive.

\n
\n

See Using interceptors to request multiple values for more about the withRefresh option.

\n
\n

Using the switchMap() operatorlink

\n

The switchMap() operator takes a function argument that returns an Observable.\nIn the example, PackageSearchService.search returns an Observable, as other data service methods do.\nIf a previous search request is still in-flight (as when the network connection is poor),\nthe operator cancels that request and sends a new one.

\n

Note that switchMap() returns service responses in their original request order, even if the\nserver returns them out of order.

\n
\n

If you think you'll reuse this debouncing logic,\nconsider moving it to a utility function or into the PackageSearchService itself.

\n
\n

Security: XSRF protectionlink

\n

Cross-Site Request Forgery (XSRF or CSRF) is an attack technique by which the attacker can trick an authenticated user into unknowingly executing actions on your website.\nHttpClient supports a common mechanism used to prevent XSRF attacks.\nWhen performing HTTP requests, an interceptor reads a token from a cookie, by default XSRF-TOKEN, and sets it as an HTTP header, X-XSRF-TOKEN.\nSince only code that runs on your domain could read the cookie, the backend can be certain that the HTTP request came from your client application and not an attacker.

\n

By default, an interceptor sends this header on all mutating requests (such as POST)\nto relative URLs, but not on GET/HEAD requests or on requests with an absolute URL.

\n

To take advantage of this, your server needs to set a token in a JavaScript readable session cookie called XSRF-TOKEN on either the page load or the first GET request.\nOn subsequent requests the server can verify that the cookie matches the X-XSRF-TOKEN HTTP header, and therefore be sure that only code running on your domain could have sent the request.\nThe token must be unique for each user and must be verifiable by the server; this prevents the client from making up its own tokens.\nSet the token to a digest of your site's authentication cookie with a salt for added security.

\n

In order to prevent collisions in environments where multiple Angular apps share the same domain or subdomain, give each application a unique cookie name.

\n
\n

HttpClient supports only the client half of the XSRF protection scheme.\nYour backend service must be configured to set the cookie for your page, and to verify that\nthe header is present on all eligible requests.\nFailing to do so renders Angular's default protection ineffective.

\n
\n

Configuring custom cookie/header nameslink

\n

If your backend service uses different names for the XSRF token cookie or header,\nuse HttpClientXsrfModule.withOptions() to override the defaults.

\n\nimports: [\n HttpClientModule,\n HttpClientXsrfModule.withOptions({\n cookieName: 'My-Xsrf-Cookie',\n headerName: 'My-Xsrf-Header',\n }),\n],\n\n\n\n

Testing HTTP requestslink

\n

As for any external dependency, you must mock the HTTP backend so your tests can simulate interaction with a remote server.\nThe @angular/common/http/testing library makes it straightforward to set up such mocking.

\n

Angular's HTTP testing library is designed for a pattern of testing in which the app executes code and makes requests first.\nThe test then expects that certain requests have or have not been made,\nperforms assertions against those requests,\nand finally provides responses by \"flushing\" each expected request.

\n

At the end, tests can verify that the app has made no unexpected requests.

\n
\n

You can run these sample tests\nin a live coding environment.

\n

The tests described in this guide are in src/testing/http-client.spec.ts.\nThere are also tests of an application data service that call HttpClient in\nsrc/app/heroes/heroes.service.spec.ts.

\n
\n

Setup for testinglink

\n

To begin testing calls to HttpClient,\nimport the HttpClientTestingModule and the mocking controller, HttpTestingController,\nalong with the other symbols your tests require.

\n\n// Http testing module and mocking controller\nimport { HttpClientTestingModule, HttpTestingController } from '@angular/common/http/testing';\n\n// Other imports\nimport { TestBed } from '@angular/core/testing';\nimport { HttpClient, HttpErrorResponse } from '@angular/common/http';\n\n\n\n

Then add the HttpClientTestingModule to the TestBed and continue with\nthe setup of the service-under-test.

\n\ndescribe('HttpClient testing', () => {\n let httpClient: HttpClient;\n let httpTestingController: HttpTestingController;\n\n beforeEach(() => {\n TestBed.configureTestingModule({\n imports: [ HttpClientTestingModule ]\n });\n\n // Inject the http service and test controller for each test\n httpClient = TestBed.inject(HttpClient);\n httpTestingController = TestBed.inject(HttpTestingController);\n });\n /// Tests begin ///\n});\n\n\n

Now requests made in the course of your tests hit the testing backend instead of the normal backend.

\n

This setup also calls TestBed.inject() to inject the HttpClient service and the mocking controller\nso they can be referenced during the tests.

\n

Expecting and answering requestslink

\n

Now you can write a test that expects a GET Request to occur and provides a mock response.

\n\nit('can test HttpClient.get', () => {\n const testData: Data = {name: 'Test Data'};\n\n // Make an HTTP GET request\n httpClient.get<Data>(testUrl)\n .subscribe(data =>\n // When observable resolves, result should match test data\n expect(data).toEqual(testData)\n );\n\n // The following `expectOne()` will match the request's URL.\n // If no requests or multiple requests matched that URL\n // `expectOne()` would throw.\n const req = httpTestingController.expectOne('/data');\n\n // Assert that the request is a GET.\n expect(req.request.method).toEqual('GET');\n\n // Respond with mock data, causing Observable to resolve.\n // Subscribe callback asserts that correct data was returned.\n req.flush(testData);\n\n // Finally, assert that there are no outstanding requests.\n httpTestingController.verify();\n});\n\n\n

The last step, verifying that no requests remain outstanding, is common enough for you to move it into an afterEach() step:

\n\nafterEach(() => {\n // After every test, assert that there are no more pending requests.\n httpTestingController.verify();\n});\n\n\n

Custom request expectationslink

\n

If matching by URL isn't sufficient, it's possible to implement your own matching function.\nFor example, you could look for an outgoing request that has an authorization header:

\n\n// Expect one request with an authorization header\nconst req = httpTestingController.expectOne(\n request => request.headers.has('Authorization')\n);\n\n\n

As with the previous expectOne(),\nthe test fails if 0 or 2+ requests satisfy this predicate.

\n

Handling more than one requestlink

\n

If you need to respond to duplicate requests in your test, use the match() API instead of expectOne().\nIt takes the same arguments but returns an array of matching requests.\nOnce returned, these requests are removed from future matching and\nyou are responsible for flushing and verifying them.

\n\n// get all pending requests that match the given URL\nconst requests = httpTestingController.match(testUrl);\nexpect(requests.length).toEqual(3);\n\n// Respond to each request with different results\nrequests[0].flush([]);\nrequests[1].flush([testData[0]]);\nrequests[2].flush(testData);\n\n\n

Testing for errorslink

\n

You should test the app's defenses against HTTP requests that fail.

\n

Call request.flush() with an error message, as seen in the following example.

\n\nit('can test for 404 error', () => {\n const emsg = 'deliberate 404 error';\n\n httpClient.get<Data[]>(testUrl).subscribe(\n data => fail('should have failed with the 404 error'),\n (error: HttpErrorResponse) => {\n expect(error.status).toEqual(404, 'status');\n expect(error.error).toEqual(emsg, 'message');\n }\n );\n\n const req = httpTestingController.expectOne(testUrl);\n\n // Respond with mock error\n req.flush(emsg, { status: 404, statusText: 'Not Found' });\n});\n\n\n

Alternatively, you can call request.error() with an ErrorEvent.

\n\nit('can test for network error', () => {\n const emsg = 'simulated network error';\n\n httpClient.get<Data[]>(testUrl).subscribe(\n data => fail('should have failed with the network error'),\n (error: HttpErrorResponse) => {\n expect(error.error.message).toEqual(emsg, 'message');\n }\n );\n\n const req = httpTestingController.expectOne(testUrl);\n\n // Create mock ErrorEvent, raised when something goes wrong at the network level.\n // Connection timeout, DNS error, offline, etc\n const mockError = new ErrorEvent('Network error', {\n message: emsg,\n });\n\n // Respond with mock error\n req.error(mockError);\n});\n\n\n\n \n
\n\n\n" }