/pʊt/
n. “Replace it, overwrite it, make it exactly this.”
PUT is an HTTP request method used to update or replace a resource on a server with the data provided in the request body. Unlike POST, which typically creates a new resource or triggers an action, PUT is idempotent — sending the same request multiple times results in the same state on the server without creating duplicates.
For example, if a web application manages user profiles at /users/123, sending a PUT request with updated data such as name, email, or preferences will replace the existing profile with the new content. Repeating this request does not duplicate the profile — it simply enforces the specified state.
In RESTful APIs, PUT is often paired with resource URLs to indicate exactly which entity should be replaced. If the resource does not exist, some implementations may create it (sometimes referred to as “upsert”), though this behavior depends on the API specification.
PUT requests require the client to send the complete representation of the resource. Partial updates are usually handled by PATCH, which modifies only specified fields. This distinction ensures that PUT operations are predictable and consistent.
Security considerations include validating and sanitizing all incoming data, ensuring that only authorized users can modify the resource, and encrypting requests with TLS to protect data in transit. In modern web development, PUT is frequently used for updating user data, configurations, or documents via APIs in SaaS or cloud platforms like IaaS and PaaS.
In short, PUT enforces a precise server-side state, allowing developers to overwrite resources safely, predictably, and repeatedly without unintended duplication. It complements POST, GET, and DELETE to provide the essential toolkit of CRUD operations that power RESTful web services.