CodeClarityLab / Glossary
Ctrl K
← Home ← Codex ← DEBT
Browse by Category
+ added · updated 7d
Pages
Terms of Use About Contribute 🧠Logic graph Contact
← Back to glossary

HTTP in Python — requests & httpx

Python Python 3.7+ Beginner
debt(d5/e1/b3/t5)
d5 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'specialist tool catches' (d5) — semgrep/ruff rules can flag requests.get() without timeout, but default linters won't catch missing raise_for_status() or Session reuse issues; many problems only surface in production under slow upstream conditions.

e1 Effort Remediation debt — work required to fix once spotted

Closest to 'one-line patch' (e1) — quick_fix is adding a timeout=N parameter or swapping requests.get for httpx.get; per-call fixes are trivial single-line edits.

b3 Burden Structural debt — long-term weight of choosing wrong

Closest to 'localised tax' (b3) — HTTP client choice applies to web/cli contexts and tends to be used across many call sites, but switching libraries (requests↔httpx) is mechanical since APIs are similar; doesn't shape system architecture.

t5 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'notable trap' (t5) — misconception that urllib≈requests and that requests has sensible defaults; the no-default-timeout behavior is a well-documented gotcha that devs typically learn only after a production hang.

About DEBT scoring → scored by claude-opus-4-7 · 2026-05-11 · reviewed by human

Also Known As

requests library httpx Python HTTP urllib

TL;DR

requests is the standard sync HTTP library; httpx adds async support, HTTP/2, and a similar API — both far more ergonomic than urllib.

Explanation

requests: synchronous HTTP with a clean API — Session for connection pooling, automatic JSON encoding/decoding, timeout parameter (always set it), retry with HTTPAdapter. httpx: requests-compatible API plus async (async with httpx.AsyncClient()), HTTP/2 support, better streaming. Key practices: always set timeout, use sessions for multiple requests to the same host (connection reuse), check response.raise_for_status() rather than manual status code checking, and never disable SSL verification (verify=False is insecure).

Common Misconception

urllib is equivalent to requests — urllib requires manual encoding, header management, and error handling; requests provides a dramatically simpler API with the same power.

Why It Matters

HTTP without timeout is a reliability disaster — a single slow upstream server hangs the entire process indefinitely; always setting timeout is the difference between a resilient and a fragile service.

Common Mistakes

  • No timeout parameter — process hangs indefinitely on slow servers.
  • Not using Session for multiple requests — creates a new TCP connection per request.
  • verify=False to bypass SSL — disables certificate verification, enabling MITM.
  • Not calling raise_for_status() — 400/500 responses silently succeed without it.

Code Examples

✗ Vulnerable 
import requests
# No timeout — hangs forever if server is slow:
response = requests.get('https://api.example.com/data')
# No error check — 500 treated as success:
data = response.json()

# New connection every request:
for url in urls:
    requests.get(url)  # New TCP connection each time
✓ Fixed 
import requests
from requests.adapters import HTTPAdapter
from urllib3.util.retry import Retry

# Session with retry and timeout:
session = requests.Session()
retry = Retry(total=3, backoff_factor=0.3, status_forcelist=[500, 502, 503])
session.mount('https://', HTTPAdapter(max_retries=retry))

response = session.get('https://api.example.com/data', timeout=(3.05, 27))
response.raise_for_status()  # Raises for 4xx/5xx
data = response.json()

# Async with httpx:
async with httpx.AsyncClient(timeout=30) as client:
    response = await client.get(url)
    response.raise_for_status()
Added 16 Mar 2026
Edited 22 Mar 2026
Views 117

Curated in Warsaw under one editorial standard. 1,506 terms, single voice.  About this reference →

Rate this term
No ratings yet
🤖 AI Guestbook educational data only
| |
Last 30 days
0 pings T 1 ping W 1 ping T 0 pings F 0 pings S 1 ping S 0 pings M 0 pings T 0 pings W 2 pings T 1 ping F 0 pings S 0 pings S 1 ping M 0 pings T 1 ping W 0 pings T 0 pings F 0 pings S 0 pings S 0 pings M 1 ping T 0 pings W 0 pings T 1 ping F 0 pings S 1 ping S 0 pings M 0 pings T 0 pings W
Agents 0
No pings yet today
No pings yesterday
Perplexity 36 ChatGPT 18 Amazonbot 17 Google 9 Ahrefs 4 Unknown AI 3 SEMrush 3 Qwen 2 Claude 2 Scrapy 2 Bing 1 Meta AI 1
Also referenced
Python async/await & asyncio 54 Context Managers & with Statement 51 Encryption in Transit 51
How they use it
crawler 94 crawler_json 4
Related categories
python 1.2k cryptography 812
DEV INTEL Tools & Severity
🟡 Medium ⚙ Fix effort: Low
⚡ Quick Fix
Use httpx instead of requests for new Python code — it has the same API but supports async, HTTP/2, and proper timeout defaults; always set explicit timeouts on all HTTP calls
📦 Applies To
python 3.7 web cli
🔗 Prerequisites
🔍 Detection Hints
requests.get() without timeout parameter; no retry logic for transient failures; blocking HTTP call in async context
Auto-detectable: ✓ Yes pylint ruff semgrep
⚠ Related Problems
🤖 AI Agent
Confidence: Medium False Positives: Medium ✗ Manual fix Fix: Low Context: Function Tests: Update
CWE-400
✓ schema.org compliant