Search⌘ K
AI Features
Home
Courses
Grokking the Frontend System Design Interview

Client-Server Communication Protocols

Explore fundamental client-server communication protocols crucial for frontend system design. Understand how HTTP facilitates stateless interactions, RPC enables remote procedure calls, and WebSockets support real-time, full-duplex communication. This lesson helps you grasp protocol roles, message structures, and use cases to optimize frontend-backend interactions.

We'll cover the following...

The internet is a global network of interconnected computers that enables communication and data exchange using standardized protocols like TCP/IP. The World Wide Web (WWW) is a system of interlinked documents and resources accessed via the internet using protocols like HTTP and HTTPS. The interconnected computers over the WWW are broadly divided into two categories–clients and servers. The clients request resources from the server, and the server entertains the requests based on certain conditions. This communication between the client and server is carried out with the help of an APIApplication programming interface. One might use many technologies for client-server communication, but we’ll focus on the HTTP, RPC, and WebSocket protocols.

We’ll start with the HTTP protocol, which is the primary use case in most applications. The other two (RPC and WebSockets) are used extensively in different use cases. We believe these three collectively cover the major concepts of client-server communications.

Web protocols

In frontend System Design, well-defined web protocols ensure seamless interoperabilityInteroperability here means that different browsers, devices, and frontend applications can communicate with backend services regardless of their underlying implementations. between the browser (client) and server, allowing smooth data exchange and user interactions.

Web protocols operate over TCP/IP, where a user clicks a link on a web page, and the browser uses DNS to resolve the domain name to its corresponding IP address before connecting to the server. It then establishes a TCP connection, initiates a TLS handshake (if using HTTPS), and requests the web page and any related resource. Finally, the browser renders the page, closing the TCP connections. This information flow between clients and servers is facilitated by a hypertext transfer protocol (HTTP) protocol, as shown below:

A bird’s eye view of client-server communication using HTTP protocol
A bird’s eye view of client-server communication using HTTP protocol

Application-layer protocols such as the file transfer protocol (FTP), simple mail transport protocol (SMTP), HTTP, and so on use lower-layer protocols like transmission control protocol (TCP), user datagram protocol (UDP), and internet protocol (IP) to provide services to end users.

Let’s explore how HTTP protocol works and enables client and server communication.

Hypertext transfer protocol (HTTP)

The hypertext transfer protocol (HTTP) is a statelessA stateless protocol is one in which each request is considered independent of any other request. This makes it simple to implement., application-layer protocol for distributed and hypermedia information systems. It’s the foundation of data communication and is considered the de facto standard for client-server resource sharing. Web servers and client applications (browsers) must adhere to the message formats and transmission methods provided in the HTTP specifications. For instance, when we type a URL into a browser, the web server receives an HTTP request directing it to fetch and deliver the specified web page.

HTTP is based on request and response, where one program (the client) requests another program (the server), and the server returns a response. The client usually makes requests in the form of HTTP commands, and the server responds with data in the form of documents. These commands are structured by different API architecture styles discussed in the next lesson.

HTTP methods

The HTTP protocol is packed with several methods that clients use to request an action from the server. These methods are discussed in the following table:

Common HTTP Methods and their Purpose

HTTP Methods

Purpose and Features

Status Codes

GET

  • Requests a resource from the web server.

200 OK, 404 Not Found, 304 Not Modified


POST

  • Sends user-generated data to the server.

201 Created, 400 Bad Request, 409 Conflict

PUT

  • Creates a new source or updates the existing one.
  • Completely replaces whatever is present on the target URL.

200 OK, 204 No Content, 404 Not Found

DELETE

  • Deletes a resource from the server.

200 OK, 204 No Content, 404 Not Found

TRACE

  • Echos the content of an incoming HTTP request.
  • Mainly used for debugging purposes.

200 OK

CONNECT

  • Makes a secure connection with a web server.

200 OK (successful tunnel), 403 Forbidden (blocked)

OPTIONS

  • Queries options for a page supported by a web server.

200 OK (if methods are supported), 405 Method Not Allowed (if not supported)

HEAD

  • Requests information regarding a resource.
  • Faster than other methods because the response message is brief.

200 OK (if resource exists), 404 Not Found (if not found), 403 Forbidden (if access denied)

After gaining a basic understanding of HTTP methods, let’s look at how an HTTP message flows between client and server using one of these methods.

HTTP message flow

HTTP communication is initiated by the clients sending a request to the server, and as long as the request conforms to HTTP standards, the server will respond with the requested resources, regardless of the type of client:

Client-server communication using HTTP protocol
Client-server communication using HTTP protocol

HTTP request structure

An HTTP request message is composed of the following four components:

  • Method: HTTP provides built-in methods that determine what action a client wants to request/perform.

  • The request-target and version: It can be a URL or URI, a unique address or identifier that uniquely determines a resource’s location over the internet. For example, the URL https://www.educative.io/courses/grokking-modern-system-design-interview uniquely identifies an Educative course titled Grokking Modern System Design Interview. It also shows which version of HTTP is being used. The version part contains the HTTP version used for the request, for example, HTTP/1.1 or HTTP/2.0.

  • Headers: HTTP headers allow clients to pass additional information between the communicating entities. The request headers mainly contain the following information:

    • Server information from where data is requested.

    • Information about the browser being used by the user.

    • The kind of data formats a client can accept.

  • Body: The body part of the HTTP request is used to communicate any application data a client wants to communicate to the server.

HTTP request structure
HTTP request structure

HTTP response structure

The HTTP response has the same format as the request with the following modifications:

  • The method in the request is replaced with the HTTP version in response.

  • The URL in the request is replaced with a status code in response.

  • The HTTP version in the request is replaced with the phrase in response.

HTTP response structure
HTTP response structure

A sample HTTP request and response is shown below, including all the parts:

HTTP request format
HTTP response format
POST /articles/index.html HTTP/1.1
Host: www.example.com
Connection: Keep-Alive
User-Agent: Mozilla/5.0
Content-Type: application/json
Content-Length: 80
Accept-Language: en-us
Accept-Encoding: gzip, deflate
{
  "Id": 45321,
  "Customer": "Mark Brown",
  "Quantity": 10,
  "Price": 199.0
}
HTTP request format

Note: HTTP is a stateless protocol used for communication between clients and servers, but it transmits data in plain text. HTTPS enhances security by encrypting data using TLS/SSLTransport layer security/Secure socket layer, ensuring secure and private communication.

1.

Which parts of the request and response messages are encrypted while using HTTPS?

Show Answer
Did you find this helpful?

But as we all know, HTTP has evolved and comes with different versions, i.e., HTTP/1.1, HTTP/2.0, etc. The following table summarizes the differences between different versions of HTTP:

Comparison of Different Versions of HTTP

Version

Methods Supported

Support for Headers

Connection Nature

Other


HTTP/0.9

GET


No

Terminates immediately after the response.

  • Only supports hypertext


HTTP/1.0

HEAD, GET, POST


Yes

Terminates immediately after the response.

  • Supports hypertext, hypermedia and other files, such as scripts




HTTP/1.1

HEAD, GET, POST, PUT, DELETE, TRACE, OPTIONS




Yes




Persistent

  • Extended HTTP methods
  • Pipelining
  • Encoding
  • Virtual hosting
  • Upgrade header
  • Cache headers




HTTP/2.0

HEAD, GET, POST, PUT, DELETE, TRACE, OPTIONS



Yes



Persistent

  • Backward compatibility: Flexibility to choose any version of the HTTP for communication
  • Multiplexing
  • Headers compression (reduces latency and optimizes bandwidth)



HTTP/3.0

HEAD, GET, POST, PUT, DELETE, TRACE, OPTIONS



Yes



Persistent

  • Instead of relying on TCP, it utilizes QUIC on top of UDP
  • Solves the major problem known as head-on-line blocking
  • 3x faster than HTTP/1.1

Remote procedure call (RPC)

A remote procedure call (RPC) architecture is a service or action-oriented style of creating APIs, where resources are distributed among different services running on remote machines. RPC facilitates interprocess communication by enabling clients to run remote procedures (functions) in a simple local function-call-likeFor example, a simple programming function that is called to return a value after performing some operations that are hidden from the callee. abstraction. A generic RPC architecture is shown in the illustration below:

Interprocess communication over an RPC architecture
Interprocess communication over an RPC architecture

The table below elaborates the individual components of a remote procedure call:

Components

Description

Client stub

  • Representation of the function in the client-side environment
  • Receives the function call from the client application, which is packed into an RPC message and forwarded to the runtime RPC

Runtime RPC

IDL

  • Interface definition language, which is used to define functions at remote ends

IDL compiler

  • Generates client- and server-side compatible codes for client and server stubs

IDL header

  • List of available functions that can be used by clients and servers

Server stub

  • Representation of the function in the server-side environment
  • Receives the RPC message from the runtime RPC, which is unpacked into a server-side function call

The RPC runtime is the actual software program that does the heavy lifting and glues all the components together. It communicates with the underlying operating system and network interface to transfer data over the wire.

How does RPC work?

RPC follows a request-response model. The client initiates a call, and data is packed and forwarded to the RPC runtime. A network connection is established to transmit the request to the remote server. The server processes the request and sends back the response through the same process.

Request and response

Before we discuss the request initialization, we must understand the two IDL header types.

  • Import module: A component added to the client side, specifying a list of functions it can call.

  • Export module: A component added to the server side, specifying a list of functions it can perform.

The import and export modules defined in the IDL headers maintain a list of remote functions provided by the API, along with the format of input parameters and returned responses. A client initiates an RPC request, which must specify a function identifier and parameter list consistent with the signatures provided by the IDL import module.

Let’s look at a hypothetical example of an RPC available at the example.com/rpc-demo endpoint. We’ll call the demo RPC that accepts a single string parameter of greeting. The request and response headers sent and received by a JSON-RPC client are as follows:

Request

The HTTP post request headers for the JSON-RPC service are as follows:

POST example.com/rpc-demo HTTP/1.1
Content-Type: application/json
Content-Length: xxx 

{
    "jsonrpc": "2.0",
    "method": "demo",
    "params": ["greeting": "Hi"],
    "id": "99"
}
Response

For a successful API call, the returned HTTP response headers look like this:

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: xxx

{
    "jsonrpc": "2.0",
    "id": "99" ,
    "result": "Hello!"
}

Note: For simplicity, we’ve removed unnecessary fields from the request and response headers given above. Also, we’ll learn more about data formats, for example, JSON, in the coming lessons.

1.

How does the server know that a particular request is intended for it?

Show Answer
1 / 2

WebSockets

WebSocket was introduced in 2011 to enable full-duplexA simultaneous two-way communication of sending and receiving data. asynchronous communication over a single TCP connection to use resources efficiently. HTTP connection restricts TCP to a one-sided communication, where the client always starts the communication due to the request-response model. In other words, the client first sends requests, then the server responds to them, which is a half-duplex communication. In contrast, WebSockets fully utilize the TCP connection, allowing clients and servers to send or receive data on demand, as follows:

Half-duplex HTTP and full-duplex WebSocket connections
Half-duplex HTTP and full-duplex WebSocket connections

WebSocket leverages the core TCP channel utilizing its full-duplex nature. Data can be sent and received simultaneously by the client and the server. Websocket is a stateful protocolStoring connection related information on the participating machines. that performs relatively faster than HTTP because it’s lightweight and carries the overhead of large headers with each request.

Note: The WebSocket protocol is detailed in IETF's RFC 6455Fette, I., and A. Melnikov. 2011. “The WebSocket Protocol.” RFC. https://doi.org/10.17487/rfc6455. ‌, whereas its API documentation maintained by W3C is available here“WebSockets Standard.” n.d. Websockets.spec.whatwg.org. Accessed March 31, 2023. https://websockets.spec.whatwg.org//#the-websocket-interface. ‌.

How does it work?

A WebSocket connection starts with an HTTP connection established through a three-way TCP handshake. Afterward, an HTTP GET request is initiated to switch the protocol to WebSocket. The connection upgrade request can be accepted or rejected by the HTTP server. If the server is compatible with the WebSocket protocol and the upgrade request is valid, the connection is upgraded to a WebSocket connection. The response contains the status code 101 (Switching Protocols) and the value for the field, Sec-WebSocket-Accept.

HTTP Upgrade headers

The headers of the initial switching protocol request are shown below:

The Upgrade request
GET / HTTP/1.1
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Key: eB9AWsQe8+SDcwWRjpGSow==
sec-websocket-version: 13
The Upgrade response
HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Accept: zglqWZt8l79gwpiFBgKihrobE8I=

Note: For simplicity, we have removed some fields from the headers above.

The headers above contain the following noticeable fields:

  • Status code 101 shows that the protocol is successfully upgraded and can send WebSocket framesThe number of bytes, defined and used in different network protocols, is the unit of transmission..

  • The Sec-WebSocket-Key is a base64A binary encoding scheme.-encoded 16-byte value that the server uses to verify that the upgrade request is coming from a legitimate client that understands the WebSocket protocol, and not a malformed HTTP request. This value is then encrypted using a hashing algorithm like SHA, MD5, and so on.

  • The server decrypts the value of the Sec-WebSocket-Key and generates the Sec-WebSocket-Accept field by prepending a Globally Unique Identifier (GUID) value to the client-provided Sec-WebSocket-Key. The value of Sec-WebSocket-Accept is also encrypted and sent back to the client, indicating that the server has accepted the connection upgrade.

Initial control frames are exchanged once the connection is established and successfully upgraded to WebSocket protocol. WebSocket has two types of frames: control and data frames, identified by a 4-bit opcodeShort for operation code, used to identify the type of operation..

1.

Why is it difficult to scale WebSockets horizontally?

Show Answer
Did you find this helpful?

After discussing different communication protocols, let’s recap the findings. The following table summarizes and compares the communication protocols against different features:

Feature

HTTP

RPC

WebSockets

Communication type

Request-Response (Stateless)

Request-Response (Can be Stateful)

Full-Duplex (Bidirectional)

Transport protocol

HTTP (Mostly over TCP)

TCP (Uses HTTP/2 in gRPC)

TCP

Message format

Text (JSON, HTML, XML)

Binary (Protobuf, Thrift, etc.)

Binary or Text (JSON, Protobuf, etc.)

Performance

Moderate

High (Optimized for speed)

High (Persistent connection)

Use cases

Request-response interactions

Service-service communication, Remote Procedure Calls

Real-time applications, Chat, Live Streaming

Connections

Opens and closes per request

Can maintain persistent connections

Persistent conncetion

Overhead

High (Headers in every request)

Lower than HTTP (Binary format, efficient encoding)

Low (Single connection, minimal overhead)

This lesson discussed HTTP, RPC, and WebSockets, comparing their communication models, performance, and use cases. Each protocol serves different needs, HTTP for standard web requests, RPC for efficient service-to-service communication, and WebSockets for real-time interactions, allowing us to choose the best fit based on our use case.