axios
Version:
Promise based HTTP client for the browser and node.js
1,260 lines (1,043 loc) β’ 90.7 kB
Markdown
<h3 align="center">π Platinum sponsors <br /></h3>
<table align="center">
<tr>
<td align="center" width="50%">
<a
href="https://thanks.dev/?utm_source=axios&utm_medium=sponsorlist&utm_campaign=sponsorship"
style="padding: 10px; display: inline-block"
target="_blank"
>
<img
width="90px"
height="90px"
src="https://images.opencollective.com/thanks-dev/360b917/logo/256.png?height=256"
alt="Thanks.dev"
/>
</a>
<p
align="center"
>
We're passionate about making open source sustainable. Scan your dependency tree to better understand which open source projects need funding.
</p>
<p align="center">
<a
href="https://thanks.dev/?utm_source=axios&utm_medium=readme_sponsorlist&utm_campaign=sponsorship"
target="_blank"
><b>thanks.dev</b></a
>
</p>
</td>
<td align="center" width="50%">
<a
href="https://hopper.security/?utm_source=axios&utm_medium=readme_sponsorlist&utm_campaign=sponsorship"
style="padding: 10px; display: inline-block"
target="_blank"
>
<img
width="90px"
height="90px"
src="https://images.opencollective.com/hopper-security/c4f7de2/avatar.png"
alt="Hopper Security"
/>
</a>
<p align="center">
Hopper provides a secure, open-source registry where every component is verified against malware and continuously remediated for vulnerabilities across all versions. In simple terms, Hopper removes the need to manage software supply chain risk altogether.
</p>
<p align="center">
<a
href="https://hopper.security/?utm_source=axios&utm_medium=readme_sponsorlist&utm_campaign=sponsorship"
target="_blank"
><b>hopper.security</b></a
>
</p>
</td>
</tr>
</table>
<table align="center">
<tr>
<td align="center" width="50%">
<a
href="https://opencollective.com/axios/contribute"
target="_blank"
>π Become a sponsor</a
>
</td>
<td align="center" width="50%">
<a
href="https://opencollective.com/axios/contribute"
target="_blank"
>π Become a sponsor</a
>
</td>
</tr>
</table>
<h3 align="center">π₯ Gold sponsors <br /></h3>
<table align="center" width="100%">
<tr width="33.333333333333336%">
<td align="center" width="33.333333333333336%">
<a
href="https://www.principal.com/about-us?utm_source=axios&utm_medium=sponsorlist&utm_campaign=sponsorship"
style="padding: 10px; display: inline-block"
target="_blank"
>
<img
width="90px"
height="90px"
src="https://images.opencollective.com/principal/431e690/logo.png"
alt="Principal Financial Group"
/>
</a>
<p
align="center"
>
Free tools to help with your financial planning needs!
</p>
<p align="center">
<a
href="https://www.principal.com/about-us?utm_source=axios&utm_medium=readme_sponsorlist&utm_campaign=sponsorship"
target="_blank"
><b>principal.com</b></a
>
</p>
</td>
<td align="center" width="33.333333333333336%">
<a
href="https://opensource.sap.com?utm_source=axios&utm_medium=sponsorlist&utm_campaign=sponsorship"
style="padding: 10px; display: inline-block"
target="_blank"
>
<img
width="90px"
height="90px"
src="https://avatars.githubusercontent.com/u/2531208?s=200&v=4"
alt="SAP"
/>
</a>
<p
align="center"
title="SAP SE, a global software company, is one of the largest vendors of ERP and other enterprise applications."
>
BSAP SE, a global software company, is one of the largest vendors of ERP and other enterprise applications.
</p>
<p align="center">
<a
href="https://opensource.sap.com?utm_source=axios&utm_medium=readme_sponsorlist&utm_campaign=sponsorship"
target="_blank"
><b>opensource.sap.com</b></a
>
</p>
</td>
<td align="center" width="33.333333333333336%">
<a
href="https://www.descope.com/?utm_source=axios&utm_medium=referral&utm_campaign=axios-oss-sponsorship"
style="padding: 10px; display: inline-block"
target="_blank"
>
<img
width="90px"
height="90px"
src="https://images.opencollective.com/descope/b53243e/logo.png"
alt="Descope"
/>
</a>
<p
align="center"
title="Hi, we're Descope! We are building something in the authentication space for app developers and canβt wait to place it in your hands."
>
Reduce user friction, prevent account takeover, and get a 360Β° view of your customer and agentic identities with the Descope External IAM platform.
</p>
<p align="center">
<a
href="https://www.descope.com/?utm_source=axios&utm_medium=referral&utm_campaign=axios-oss-sponsorship"
target="_blank"
><b>descope.com</b></a
>
</p>
</td>
</tr>
<tr width="33.333333333333336%">
<td align="center" width="33.333333333333336%">
<a
href="https://stytch.com/"
style="padding: 10px; display: inline-block"
target="_blank"
>
<img
width="90px"
height="90px"
src="https://images.opencollective.com/stytch/f84ce43/logo/256.png?height=256"
alt="Stytch"
/>
</a>
<p
align="center"
>
The identity platform for humans & AI agents
</p>
<p align="center">
<a
href="https://stytch.com"
target="_blank"
><b>stytch.com</b></a
>
</p>
</td>
<td align="center" width="33.333333333333336%">
<a
href="https://rxdb.info/?utm_source=axios_docs_website&utm_medium=website&utm_campaign=axios_open_collective_sponsorship&utm_content=logo"
style="padding: 10px; display: inline-block"
target="_blank"
>
<img
width="90px"
height="90px"
src="https://rxdb.info/files/logo/logo_text_white.svg"
alt="RxDB"
/>
</a>
<p
align="center"
>
RxDB is a NoSQL database for JavaScript that runs directly in your app.
</p>
<p align="center">
<a
href="https://rxdb.info/?utm_source=axios_docs_website&utm_medium=website&utm_campaign=axios_open_collective_sponsorship&utm_content=logo"
target="_blank"
><b>rxdb.info</b></a
>
</p>
</td>
<td align="center" width="33.333333333333336%">
<a
href="https://poprey.com/?utm_source=axios&utm_medium=sponsorlist&utm_campaign=sponsorship"
style="padding: 10px; display: inline-block"
target="_blank"
>
<img
width="70px"
height="70px"
src="https://images.opencollective.com/instagram-likes/2a72a03/avatar.png"
alt="Poprey"
/>
</a>
<p align="center">
Buy Instagram Likes
</p>
<p align="center">
<a
href="https://poprey.com/?utm_source=axios&utm_medium=readme_sponsorlist&utm_campaign=sponsorship"
target="_blank"
><b>poprey.com</b></a
>
</p>
</td>
</tr>
<tr width="33.333333333333336%">
<td align="center" width="33.333333333333336%">
<a
href="https://buzzoid.com/buy-instagram-followers/?utm_source=axios_docs_website&utm_medium=website&utm_campaign=axios_open_collective_sponsorship"
style="padding: 10px; display: inline-block"
target="_blank"
>
<img
width="71px"
height="70px"
src="https://images.opencollective.com/buzzoid-buy-instagram-followers/56a09fe/logo.png"
alt="Buzzoid"
/>
</a>
<p
align="center"
>
A lightweight open-source API Development, Testing & Mocking
platform
</p>
<p align="center">
<a
href="https://buzzoid.com/buy-instagram-followers/?utm_source=axios_docs_website&utm_medium=website&utm_campaign=axios_open_collective_sponsorship"
target="_blank"
><b>buzzoid.com</b></a
>
</p>
</td>
<td align="center" width="33.333333333333336%">
<a
href="https://opencollective.com/axios/contribute"
target="_blank"
>π Become a sponsor</a
>
</td>
<td align="center" width="33.333333333333336%">
<a
href="https://opencollective.com/axios/contribute"
target="_blank"
>π Become a sponsor</a
>
</td>
</tr>
</table>
<!--<div>marker</div>-->
<br><br>
<div align="center">
<a href="https://axios.rest"><img src="https://axios.rest/logo.svg" alt="Axios" /></a><br>
</div>
<p align="center">Promise based HTTP client for the browser and node.js</p>
<p align="center">
<a href="https://axios.rest/"><b>Website</b></a> β’
<a href="https://axios.rest/pages/getting-started/first-steps.html"><b>Documentation</b></a>
</p>
<div align="center">
[](https://www.npmjs.org/package/axios)
[](https://cdnjs.com/libraries/axios)
[](https://github.com/axios/axios/actions/workflows/ci.yml)
[](https://gitpod.io/#https://github.com/axios/axios)
[](https://coveralls.io/r/mzabriskie/axios)
[](https://packagephobia.now.sh/result?p=axios)
[](https://bundlephobia.com/package/axios@latest)
[](https://npm-stat.com/charts.html?package=axios)
[](https://gitter.im/mzabriskie/axios)
[](https://www.codetriage.com/axios/axios)
[](CONTRIBUTORS.md)
</div>
## Table of Contents
- [Features](#features)
- [Browser Support](#browser-support)
- [Installing](#installing)
- [Package manager](#package-manager)
- [CDN](#cdn)
- [Example](#example)
- [Axios API](#axios-api)
- [Request method aliases](#request-method-aliases)
- [Concurrency π](#concurrency-deprecated)
- [Creating an instance](#creating-an-instance)
- [Instance methods](#instance-methods)
- [Request Config](#request-config)
- [Response Schema](#response-schema)
- [Config Defaults](#config-defaults)
- [Global axios defaults](#global-axios-defaults)
- [Custom instance defaults](#custom-instance-defaults)
- [Config order of precedence](#config-order-of-precedence)
- [Interceptors](#interceptors)
- [Multiple Interceptors](#multiple-interceptors)
- [Handling Errors](#handling-errors)
- [Handling Timeouts](#handling-timeouts)
- [Cancellation](#cancellation)
- [AbortController](#abortcontroller)
- [CancelToken π](#canceltoken-deprecated)
- [Using application/x-www-form-urlencoded format](#using-applicationx-www-form-urlencoded-format)
- [URLSearchParams](#urlsearchparams)
- [Query string](#query-string-older-browsers)
- [π Automatic serialization](#-automatic-serialization-to-urlsearchparams)
- [Using multipart/form-data format](#using-multipartform-data-format)
- [FormData](#formdata)
- [π Automatic serialization](#-automatic-serialization-to-formdata)
- [Files Posting](#files-posting)
- [HTML Form Posting](#-html-form-posting-browser)
- [π Progress capturing](#-progress-capturing)
- [π Rate limiting](#-rate-limiting)
- [π AxiosHeaders](#-axiosheaders)
- [π₯ Fetch adapter](#-fetch-adapter)
- [π₯ Custom fetch](#-custom-fetch)
- [π₯ Using with Tauri](#-using-with-tauri)
- [π₯ Using with SvelteKit](#-using-with-sveltekit)
- [π₯ HTTP2](#-http2)
- [Semver](#semver)
- [Promises](#promises)
- [TypeScript](#typescript)
- [Contributing](#contributing)
- [Local setup](#local-setup)
- [Resources](#resources)
- [Credits](#credits)
- [License](#license)
## Features
- **Browser Requests:** Make [XMLHttpRequests](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest) directly from the browser.
- **Node.js Requests:** Make [http](https://nodejs.org/api/http.html) requests from Node.js environments.
- **Promise-based:** Fully supports the [Promise](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise) API for easier asynchronous code.
- **Interceptors:** Intercept requests and responses to add custom logic or transform data.
- **Data Transformation:** Transform request and response data automatically.
- **Request Cancellation:** Cancel requests using built-in mechanisms.
- **Automatic JSON Handling:** Automatically serializes and parses [JSON](https://www.json.org/json-en.html) data.
- **Form Serialization:** π Automatically serializes data objects to `multipart/form-data` or `x-www-form-urlencoded` formats.
- **XSRF Protection:** Client-side support to protect against [Cross-Site Request Forgery](https://en.wikipedia.org/wiki/Cross-site_request_forgery).
## Browser Support
| Chrome | Firefox | Safari | Opera | Edge |
| :------------------------------------------------------------------------------------------------------------: | :---------------------------------------------------------------------------------------------------------------: | :------------------------------------------------------------------------------------------------------------: | :---------------------------------------------------------------------------------------------------------: | :------------------------------------------------------------------------------------------------------: |
|  |  |  |  |  |
| Latest β | Latest β | Latest β | Latest β | Latest β |
[](https://saucelabs.com/u/axios)
## Installing
### Package manager
Using npm:
```bash
$ npm install axios
```
Using yarn:
```bash
$ yarn add axios
```
Using pnpm:
```bash
$ pnpm add axios
```
Using bun:
```bash
$ bun add axios
```
Once the package is installed, you can import the library using `import` or `require` approach:
```js
import axios, { isCancel, AxiosError } from 'axios';
```
You can also use the default export, since the named export is just a re-export from the Axios factory:
```js
import axios from 'axios';
console.log(axios.isCancel('something'));
```
If you use `require` for importing, **only the default export is available**:
```js
const axios = require('axios');
console.log(axios.isCancel('something'));
```
For some bundlers and some ES6 linters you may need to do the following:
```js
import { default as axios } from 'axios';
```
For cases where something went wrong when trying to import a module into a custom or legacy environment,
you can try importing the module package directly:
```js
const axios = require('axios/dist/browser/axios.cjs'); // browser commonJS bundle (ES2017)
// const axios = require('axios/dist/node/axios.cjs'); // node commonJS bundle (ES2017)
```
### CDN
Using jsDelivr CDN (ES5 UMD browser module):
```html
<script src="https://cdn.jsdelivr.net/npm/axios@1.13.2/dist/axios.min.js"></script>
```
Using unpkg CDN:
```html
<script src="https://unpkg.com/axios@1.13.2/dist/axios.min.js"></script>
```
## Example
```js
import axios from 'axios';
//const axios = require('axios'); // legacy way
try {
const response = await axios.get('/user?ID=12345');
console.log(response);
} catch (error) {
console.error(error);
}
// Optionally the request above could also be done as
axios
.get('/user', {
params: {
ID: 12345,
},
timeout: 5000, // 5 seconds β see "Handling Timeouts" below for matching error handling
})
.then(function (response) {
console.log(response);
})
.catch(function (error) {
console.log(error);
})
.finally(function () {
// always executed
});
// Want to use async/await? Add the `async` keyword to your outer function/method.
async function getUser() {
try {
const response = await axios.get('/user?ID=12345');
console.log(response);
} catch (error) {
console.error(error);
}
}
```
> **Note**: Set a `timeout` in production β without one, a stalled request can hang
> indefinitely. See [Handling Timeouts](#handling-timeouts) for the matching error handling.
> **Note**: `async/await` is part of ECMAScript 2017 and is not supported in Internet
> Explorer and older browsers, so use with caution.
Performing a `POST` request
```js
const response = await axios.post('/user', {
firstName: 'Fred',
lastName: 'Flintstone',
});
console.log(response);
```
Performing multiple concurrent requests
```js
function getUserAccount() {
return axios.get('/user/12345');
}
function getUserPermissions() {
return axios.get('/user/12345/permissions');
}
Promise.all([getUserAccount(), getUserPermissions()]).then(function (results) {
const acct = results[0];
const perm = results[1];
});
```
## axios API
Requests can be made by passing the relevant config to `axios`.
##### axios(config)
```js
// Send a POST request
axios({
method: 'post',
url: '/user/12345',
data: {
firstName: 'Fred',
lastName: 'Flintstone',
},
});
```
```js
// GET request for remote image in node.js
const response = await axios({
method: 'get',
url: 'https://bit.ly/2mTM3nY',
responseType: 'stream',
});
response.data.pipe(fs.createWriteStream('ada_lovelace.jpg'));
```
##### axios(url[, config])
```js
// Send a GET request (default method)
axios('/user/12345');
```
### Request method aliases
For convenience, aliases have been provided for all common request methods.
##### axios.request(config)
##### axios.get(url[, config])
##### axios.delete(url[, config])
##### axios.head(url[, config])
##### axios.options(url[, config])
##### axios.post(url[, data[, config]])
##### axios.put(url[, data[, config]])
##### axios.patch(url[, data[, config]])
###### NOTE
When using the alias methods `url`, `method`, and `data` properties don't need to be specified in config.
### Concurrency (Deprecated)
Please use `Promise.all` to replace the below functions.
Helper functions for dealing with concurrent requests.
axios.all(iterable)
axios.spread(callback)
### Creating an instance
You can create a new instance of axios with a custom config.
##### axios.create([config])
```js
const instance = axios.create({
baseURL: 'https://some-domain.com/api/',
timeout: 1000,
headers: { 'X-Custom-Header': 'foobar' },
});
```
### Instance methods
The available instance methods are listed below. The specified config will be merged with the instance config.
##### axios#request(config)
##### axios#get(url[, config])
##### axios#delete(url[, config])
##### axios#head(url[, config])
##### axios#options(url[, config])
##### axios#post(url[, data[, config]])
##### axios#put(url[, data[, config]])
##### axios#patch(url[, data[, config]])
##### axios#getUri([config])
## Request Config
### β οΈ Security notice: decompression-bomb protection is opt-in
By default `maxContentLength` and `maxBodyLength` are `-1` (unlimited). A malicious or compromised server can return a tiny gzip/deflate/brotli body that expands to gigabytes and exhaust the Node.js process.
If you call servers you do not fully trust, **set a cap**:
```js
axios.defaults.maxContentLength = 10 * 1024 * 1024; // 10 MB
axios.defaults.maxBodyLength = 10 * 1024 * 1024;
```
See the [security guide](https://axios.rest/pages/misc/security.html) for details.
These are the available config options for making requests. Only the `url` is required. Requests will default to `GET` if `method` is not specified.
```js
{
// `url` is the server URL that will be used for the request
url: '/user',
// `method` is the request method to be used when making the request
method: 'get', // default
// `baseURL` will be prepended to `url` unless `url` is absolute and the option `allowAbsoluteUrls` is set to true.
// It can be convenient to set `baseURL` for an instance of axios to pass relative URLs
// to the methods of that instance.
baseURL: 'https://some-domain.com/api/',
// `allowAbsoluteUrls` determines whether or not absolute URLs will override a configured `baseUrl`.
// When set to true (default), absolute values for `url` will override `baseUrl`.
// When set to false, absolute values for `url` will always be prepended by `baseUrl`.
allowAbsoluteUrls: true,
// `transformRequest` allows changes to the request data before it is sent to the server
// This is only applicable for request methods 'PUT', 'POST', 'PATCH' and 'DELETE'
// The last function in the array must return a string or an instance of Buffer, ArrayBuffer,
// FormData or Stream
// You may modify the headers object.
transformRequest: [function (data, headers) {
// Do whatever you want to transform the data
return data;
}],
// `transformResponse` allows changes to the response data to be made before
// it is passed to then/catch
transformResponse: [function (data) {
// Do whatever you want to transform the data
return data;
}],
// `parseReviver` is an optional function that will be passed as the
// second argument (reviver) to JSON.parse()
parseReviver: function (key, value, context) {
// In modern environments, context.source provides the raw JSON string
// allowing for precision-safe parsing of BigInt
if (typeof value === 'number' && context?.source) {
const isInteger = Number.isInteger(value);
const isUnsafe = !Number.isSafeInteger(value);
const isValidIntegerString = /^-?\d+$/.test(context.source);
if (isInteger && isUnsafe && isValidIntegerString) {
try {
return BigInt(context.source);
} catch {
// Fallback: return original value if parsing fails
}
}
}
return value;
},
// `headers` are custom headers to be sent
headers: {'X-Requested-With': 'XMLHttpRequest'},
// `params` are the URL parameters to be sent with the request
// Must be a plain object or a URLSearchParams object
params: {
ID: 12345
},
// `paramsSerializer` is an optional config that allows you to customize serializing `params`.
paramsSerializer: {
// Custom encoder function which sends key/value pairs in an iterative fashion.
encode?: (param: string): string => { /* Do custom operations here and return transformed string */ },
// Custom serializer function for the entire parameter. Allows the user to mimic pre 1.x behaviour.
serialize?: (params: Record<string, any>, options?: ParamsSerializerOptions ),
// Configuration for formatting array indexes in the params.
indexes: false, // Three available options: (1) indexes: null (leads to no brackets), (2) (default) indexes: false (leads to empty brackets), (3) indexes: true (leads to brackets with indexes).
// Maximum object nesting depth when serializing params. Payloads deeper than this throw an
// AxiosError with code ERR_FORM_DATA_DEPTH_EXCEEDED. Default: 100. Set to Infinity to disable.
maxDepth: 100
},
// `data` is the data to be sent as the request body
// Only applicable for request methods 'PUT', 'POST', 'DELETE', and 'PATCH'
// When no `transformRequest` is set, it must be of one of the following types:
// - string, plain object, ArrayBuffer, ArrayBufferView, URLSearchParams
// - Browser only: FormData, File, Blob
// - Node only: Stream, Buffer, FormData (form-data package)
data: {
firstName: 'Fred'
},
// `formDataHeaderPolicy` controls how node.js FormData#getHeaders() is copied.
// 'legacy' (default) copies all returned headers for v1 compatibility.
// 'content-only' copies only Content-Type and Content-Length.
formDataHeaderPolicy: 'legacy',
// syntax alternative to send data into the body
// method post
// only the value is sent, not the key
data: 'Country=Brasil&City=Belo Horizonte',
// `timeout` specifies the number of milliseconds before the request times out.
// If the request takes longer than `timeout`, the request will be aborted.
timeout: 1000, // default is `0` (no timeout)
// `withCredentials` indicates whether or not cross-site Access-Control requests
// should be made using credentials
// This only controls whether the browser sends credentials.
// It does not control whether the XSRF header is added.
withCredentials: false, // default
// `adapter` allows custom handling of requests which makes testing easier.
// Return a promise and supply a valid response (see lib/adapters/README.md)
adapter: function (config) {
/* ... */
},
// Also, you can set the name of the built-in adapter, or provide an array with their names
// to choose the first available in the environment
adapter: 'xhr', // 'fetch' | 'http' | ['xhr', 'http', 'fetch']
// `auth` indicates that HTTP Basic auth should be used, and supplies credentials.
// This will set an `Authorization` header, overwriting any existing
// `Authorization` custom headers you have set using `headers`.
// Please note that only HTTP Basic auth is configurable through this parameter.
// For Bearer tokens and such, use `Authorization` custom headers instead.
auth: {
username: 'janedoe',
password: 's00pers3cret'
},
// `responseType` indicates the type of data that the server will respond with
// options are: 'arraybuffer', 'document', 'json', 'text', 'stream'
// browser only: 'blob'
responseType: 'json', // default
// `responseEncoding` indicates encoding to use for decoding responses (Node.js only)
// Note: Ignored for `responseType` of 'stream' or client-side requests
// options are: 'ascii', 'ASCII', 'ansi', 'ANSI', 'binary', 'BINARY', 'base64', 'BASE64', 'base64url',
// 'BASE64URL', 'hex', 'HEX', 'latin1', 'LATIN1', 'ucs-2', 'UCS-2', 'ucs2', 'UCS2', 'utf-8', 'UTF-8',
// 'utf8', 'UTF8', 'utf16le', 'UTF16LE'
responseEncoding: 'utf8', // default
// `xsrfCookieName` is the name of the cookie to use as a value for the xsrf token
xsrfCookieName: 'XSRF-TOKEN', // default
// `xsrfHeaderName` is the name of the http header that carries the xsrf token value
xsrfHeaderName: 'X-XSRF-TOKEN', // default
// `withXSRFToken` defines whether to send the XSRF header in browser requests.
// `undefined` (default) - set XSRF header only for the same origin requests
// `true` - always set XSRF header, including for cross-origin requests
// `false` - never set XSRF header
// function - resolve with custom logic; receives the internal config object
withXSRFToken: boolean | undefined | ((config: InternalAxiosRequestConfig) => boolean | undefined),
// `withXSRFToken` controls whether Axios reads the XSRF cookie and sets the XSRF header.
// - `undefined` (default): the XSRF header is set only for same-origin requests.
// - `true`: attempt to set the XSRF header for all requests (including cross-origin).
// - `false`: never set the XSRF header.
// - function: a callback that receives the request `config` and returns `true`,
// `false`, or `undefined` to decide per-request behavior.
//
// Note about `withCredentials`: `withCredentials` controls whether cross-site
// requests include credentials (cookies and HTTP auth). In older Axios versions,
// setting `withCredentials: true` implicitly caused Axios to set the XSRF header
// for cross-origin requests. Newer Axios separates these concerns: to allow the
// XSRF header to be sent for cross-origin requests you should set both
// `withCredentials: true` and `withXSRFToken: true`.
//
// Example:
// axios.get('/user', { withCredentials: true, withXSRFToken: true });
// `onUploadProgress` allows handling of progress events for uploads
// browser & node.js
onUploadProgress: function ({loaded, total, progress, bytes, estimated, rate, upload = true}) {
// Do whatever you want with the Axios progress event
},
// `onDownloadProgress` allows handling of progress events for downloads
// browser & node.js
onDownloadProgress: function ({loaded, total, progress, bytes, estimated, rate, download = true}) {
// Do whatever you want with the Axios progress event
},
// `maxContentLength` defines the max size of the http response content in bytes allowed in node.js
maxContentLength: 2000,
// `maxBodyLength` (Node only option) defines the max size of the http request content in bytes allowed
maxBodyLength: 2000,
// `redact` masks matching config keys when AxiosError#toJSON() is called.
// Matching is case-insensitive and recursive. It does not change the request.
redact: ['authorization', 'password'],
// `validateStatus` defines whether to resolve or reject the promise for a given
// HTTP response status code. If `validateStatus` returns `true` (or is set to `null`
// or `undefined`), the promise will be resolved; otherwise, the promise will be
// rejected.
validateStatus: function (status) {
return status >= 200 && status < 300; // default
},
// `maxRedirects` defines the maximum number of redirects to follow in node.js.
// If set to 0, no redirects will be followed.
maxRedirects: 21, // default
// `beforeRedirect` defines a function that will be called before redirect.
// Use this to adjust the request options upon redirecting,
// to inspect the latest response headers,
// or to cancel the request by throwing an error
// If maxRedirects is set to 0, `beforeRedirect` is not used.
beforeRedirect: (options, { headers }) => {
if (
options.hostname === "example.com" &&
options.protocol === "https:"
) {
options.auth = "user:password";
}
},
// Security note:
// The `beforeRedirect` hook runs after sensitive headers are stripped during redirects.
//The `follow-redirects` library removes credentials on protocol downgrade (HTTPS β HTTP) for security.
//Since `beforeRedirect` runs after this, re-injecting credentials without checking the protocol can expose sensitive data.
//Always ensure credentials are only added for trusted HTTPS destinations.
// Security note:
// The beforeRedirect hook runs after sensitive headers are stripped during redirects.
// Re-injecting credentials without checking the destination can expose sensitive data.
// Only add credentials for trusted HTTPS destinations.
// Avoid re-adding credentials on downgraded redirects.
// `socketPath` defines a UNIX Socket to be used in node.js.
// e.g. '/var/run/docker.sock' to send requests to the docker daemon.
// Only either `socketPath` or `proxy` can be specified.
// If both are specified, `socketPath` is used.
//
// Security: when `socketPath` is set, hostname/port of the URL are ignored,
// which bypasses hostname-based SSRF protections. Never derive `socketPath`
// from untrusted input. Use `allowedSocketPaths` (below) to restrict accepted
// socket paths for defense-in-depth.
socketPath: null, // default
// `allowedSocketPaths` restricts which `socketPath` values are accepted.
// Accepts a string or array of strings. Entries and the incoming socketPath
// are compared after path.resolve(). A mismatch throws AxiosError with code
// `ERR_BAD_OPTION_VALUE`. When null/undefined, no restriction is applied.
allowedSocketPaths: null, // default
// `transport` determines the transport method that will be used to make the request.
// If defined, it will be used. Otherwise, if `maxRedirects` is 0,
// the default `http` or `https` library will be used, depending on the protocol specified in `protocol`.
// Otherwise, the `httpFollow` or `httpsFollow` library will be used, again depending on the protocol,
// which can handle redirects.
transport: undefined, // default
// `httpAgent` and `httpsAgent` define a custom agent to be used when performing http
// and https requests, respectively, in node.js. This allows options to be added like
// `keepAlive` that are not enabled by default before Node.js v19.0.0. After Node.js
// v19.0.0, you no longer need to customize the agent to enable `keepAlive` because
// `http.globalAgent` has `keepAlive` enabled by default.
httpAgent: new http.Agent({ keepAlive: true }),
httpsAgent: new https.Agent({ keepAlive: true }),
// `proxy` defines the hostname, port, and protocol of the proxy server.
// You can also define your proxy using the conventional `http_proxy` and
// `https_proxy` environment variables. If you are using environment variables
// for your proxy configuration, you can also define a `no_proxy` environment
// variable as a comma-separated list of domains that should not be proxied.
// Use `false` to disable proxies, ignoring environment variables.
// `auth` indicates that HTTP Basic auth should be used to connect to the proxy, and
// supplies credentials.
// This will set a `Proxy-Authorization` header, overwriting any existing
// `Proxy-Authorization` custom headers you have set using `headers`.
// If the proxy server uses HTTPS, then you must set the protocol to `https`.
// A user-supplied `Host` header in `headers` is preserved when forwarding
// through a proxy (case-insensitive match on `host`/`Host`/`HOST`); this
// lets you target a virtual host that differs from the request URL β for
// example, hitting `127.0.0.1:4000` while having the proxy treat the
// request as `example.com`. If no `Host` header is supplied, axios
// defaults it to the request URL's `hostname:port` as before.
proxy: {
protocol: 'https',
host: '127.0.0.1',
// hostname: '127.0.0.1' // Takes precedence over 'host' if both are defined
port: 9000,
auth: {
username: 'mikeymike',
password: 'rapunz3l'
}
},
// `cancelToken` specifies a cancel token that can be used to cancel the request
// (see Cancellation section below for details)
cancelToken: new CancelToken(function (cancel) {
}),
// an alternative way to cancel Axios requests using AbortController
signal: new AbortController().signal,
// `decompress` indicates whether or not the response body should be decompressed
// automatically. If set to `true` will also remove the 'content-encoding' header
// from the responses objects of all decompressed responses
// - Node only (XHR cannot turn off decompression)
decompress: true, // default
// `insecureHTTPParser` boolean.
// Indicates where to use an insecure HTTP parser that accepts invalid HTTP headers.
// This may allow interoperability with non-conformant HTTP implementations.
// Using the insecure parser should be avoided.
// see options https://nodejs.org/dist/latest-v12.x/docs/api/http.html#http_http_request_url_options_callback
// see also https://nodejs.org/en/blog/vulnerability/february-2020-security-releases/#strict-http-header-parsing-none
insecureHTTPParser: undefined, // default
// transitional options for backward compatibility that may be removed in the newer versions
transitional: {
// silent JSON parsing mode
// `true` - ignore JSON parsing errors and set response.data to null if parsing failed (old behaviour)
// `false` - throw SyntaxError if JSON parsing failed
// Important: this option only takes effect when `responseType` is explicitly set to 'json'.
// When `responseType` is omitted (defaults to no value), axios uses `forcedJSONParsing`
// to attempt JSON parsing, but will silently return the raw string on failure regardless
// of this setting. To have invalid JSON throw errors, use:
// { responseType: 'json', transitional: { silentJSONParsing: false } }
silentJSONParsing: true, // default value for the current Axios version
// try to parse the response string as JSON even if `responseType` is not 'json'
forcedJSONParsing: true,
// throw ETIMEDOUT error instead of generic ECONNABORTED on request timeouts
clarifyTimeoutError: false,
// use the legacy interceptor request/response ordering
legacyInterceptorReqResOrdering: true, // default
},
env: {
// The FormData class to be used to automatically serialize the payload into a FormData object
FormData: window?.FormData || global?.FormData
},
formSerializer: {
visitor: (value, key, path, helpers) => {}; // custom visitor function to serialize form values
dots: boolean; // use dots instead of brackets format
metaTokens: boolean; // keep special endings like {} in parameter key
indexes: boolean; // array indexes format null - no brackets, false - empty brackets, true - brackets with indexes
maxDepth: 100; // maximum object nesting depth; throws AxiosError (ERR_FORM_DATA_DEPTH_EXCEEDED) if exceeded. Set to Infinity to disable.
},
// http adapter only (node.js)
maxRate: [
100 * 1024, // 100KB/s upload limit,
100 * 1024 // 100KB/s download limit
]
}
```
### Strict RFC 3986 percent-encoding for query params
By default, axios decodes `%3A`, `%24`, `%2C` and `%20` back to `:`, `$`, `,` and `+` for readability (the `+` follows the `application/x-www-form-urlencoded` convention for spaces in query strings). These characters are valid in a query component under [RFC 3986](https://datatracker.ietf.org/doc/html/rfc3986#section-3.4), so the default output is correct, but some backends require strict percent-encoding and reject the readable form.
Override the default encoder via `paramsSerializer.encode`:
```js
// Per-request: emit strict RFC 3986 percent-encoding for query values
axios.get('/foo', {
params: { filter: JSON.stringify({ startedAt: '2026-01-23' }) },
paramsSerializer: { encode: encodeURIComponent }
});
// Or set it on the instance defaults
const client = axios.create({
paramsSerializer: { encode: encodeURIComponent }
});
```
## π₯ HTTP/2 Support
Axios has experimental HTTP/2 support available via the Node.js HTTP adapter.
Support depends on the runtime environment and Node.js version. Features like redirects and some behaviors may not be fully supported with HTTP/2.
Options like `httpVersion` and `http2Options` are adapter-specific and may not work consistently across all environments.
If HTTP/2 functionality is required, ensure your runtime environment supports it or consider using alternative libraries or custom adapters.
## Response Schema
The response to a request contains the following information.
```js
{
// `data` is the response that was provided by the server
data: {},
// `status` is the HTTP status code from the server response
status: 200,
// `statusText` is the HTTP status message from the server response
statusText: 'OK',
// `headers` the HTTP headers that the server responded with
// All header names are lowercase and can be accessed using the bracket notation.
// Example: `response.headers['content-type']`
headers: {},
// `config` is the config that was provided to `axios` for the request
config: {},
// `request` is the request that generated this response
// It is the last ClientRequest instance in node.js (in redirects)
// and an XMLHttpRequest instance in the browser
request: {}
}
```
When using `then`, you will receive the response as follows:
```js
const response = await axios.get('/user/12345');
console.log(response.data);
console.log(response.status);
console.log(response.statusText);
console.log(response.headers);
console.log(response.config);
```
When using `catch`, or passing a [rejection callback](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise/then) as second parameter of `then`, the response will be available through the `error` object as explained in the [Handling Errors](#handling-errors) section.
## Config Defaults
You can specify config defaults that will be applied to every request.
### Global axios defaults
```js
axios.defaults.baseURL = 'https://api.example.com';
// Important: If axios is used with multiple domains, the AUTH_TOKEN will be sent to all of them.
// See below for an example using Custom instance defaults instead.
axios.defaults.headers.common['Authorization'] = AUTH_TOKEN;
axios.defaults.headers.post['Content-Type'] = 'application/x-www-form-urlencoded';
```
### Custom instance defaults
```js
// Set config defaults when creating the instance
const instance = axios.create({
baseURL: 'https://api.example.com',
});
// Alter defaults after instance has been created
instance.defaults.headers.common['Authorization'] = AUTH_TOKEN;
```
### Config order of precedence
Config will be merged with an order of precedence. The order is library defaults found in [lib/defaults/index.js](https://github.com/axios/axios/blob/main/lib/defaults/index.js#L49), then `defaults` property of the instance, and finally `config` argument for the request. The latter will take precedence over the former. Here's an example.
```js
// Create an instance using the config defaults provided by the library
// At this point the timeout config value is `0` as is the default for the library
const instance = axios.create();
// Override timeout default for the library
// Now all requests using this instance will wait 2.5 seconds before timing out
instance.defaults.timeout = 2500;
// Override timeout for this request as it's known to take a long time
instance.get('/longRequest', {
timeout: 5000,
});
```
## Interceptors
You can intercept requests or responses before methods like `.get()` or `.post()`
resolve their promises (before code inside `then` or `catch`, or after `await`)
```js
const instance = axios.create();
// Add a request interceptor
instance.interceptors.request.use(
function (config) {
// Do something before the request is sent
return config;
},
function (error) {
// Do something with the request error
return Promise.reject(error);
}
);
// Add a response interceptor
instance.interceptors.response.use(
function (response) {
// Any status code that lies within the range of 2xx causes this function to trigger
// Do something with response data
return response;
},
function (error) {
// Any status codes that fall outside the range of 2xx cause this function to trigger
// Do something with response error
return Promise.reject(error);
}
);
```
If you need to remove an interceptor later you can.
```js
const instance = axios.create();
const myInterceptor = instance.interceptors.request.use(function () {
/*...*/
});
axios.interceptors.request.eject(myInterceptor);
```
You can also clear all interceptors for requests or responses.
```js
const instance = axios.create();
instance.interceptors.request.use(function () {
/*...*/
});
instance.interceptors.request.clear(); // Removes interceptors from requests
instance.interceptors.response.use(function () {
/*...*/
});
instance.interceptors.response.clear(); // Removes interceptors from responses
```
You can add interceptors to a custom instance of axios.
```js
const instance = axios.create();
instance.interceptors.request.use(function () {
/*...*/
});
```
When you add request interceptors, they are presumed to be asynchronous by default. This can cause a delay
in the execution of your axios request when the main thread is blocked (a promise is created under the hood for
the interceptor and your request gets put at the bottom of the call stack). If your request interceptors are synchronous you can add a flag
to the options object that will tell axios to run the code synchronously and avoid any delays in request execution.
```js
axios.interceptors.request.use(
function (config) {
config.headers.test = 'I am only a header!';
return config;
},
null,
{ synchronous: true }
);
```
If you want to execute a particular interceptor based on a runtime check,
you can add a `runWhen` function to the options object. The request interceptor will not be executed **if and only if** the return
of `runWhen` is `false`. The function will be called with the config
object (don't forget that you can bind your own arguments to it as well.) This can be handy when you have an
asynchronous request interceptor that only needs to run at certain times.
```js
function onGetCall(config) {
return config.method === 'get';
}
axios.interceptors.request.use(
function (config) {
config.headers.test = 'special get headers';
return config;
},
null,
{ runWhen: onGetCall }
);
```
> **Note:** The options parameter(having `synchronous` and `runWhen` properties) is only supported for request interceptors at the moment.
### Interceptor Execution Order
**Important:** Interceptors have different execution orders depending on their type!
Request interceptors are executed in **reverse order** (LIFO - Last In, First Out). This means the _last_ interceptor added is executed **first**.
Response interceptors are executed in the **order they were added** (FIFO - First In, First Out). This means the _first_ interceptor added is executed **first**.
Example:
```js
const instance = axios.create();
const interceptor = (id) => (base