Your API might be wasting bandwidth, confusing users, and creating security holes because you're doing PATCH requests wrong. A developer just reminded the tech world that there's an actual standard for partial updates, and most of us have been ignoring it.
The Problem Everyone Ignores
Walk into any development team and watch what happens when they need to update a user's email address. They'll grab the entire user object, change the email field, and send the whole thing back to the server as a PATCH request. It works, sure, but it's like demolishing your house to change a light bulb.
This approach has become so common that many developers don't realise there's a proper specification for partial updates: RFC 6902, also known as JSON Patch. Instead of sending complete objects, JSON Patch sends only the changes as a series of operations.
What JSON Patch Actually Does
JSON Patch treats updates like a set of instructions rather than replacements. Instead of "here's the new version of this thing," it says "change this field to this value" or "remove this property" or "add this item to this array."
The difference is stark. A traditional PATCH to update someone's phone number might send 50 fields when you only changed one. JSON Patch sends exactly what changed: one operation targeting one field.
This isn't just academic. We've seen client projects where mobile users abandoned forms because the app was uploading entire user profiles over slow connections just to update a single preference. The bandwidth waste was causing real business impact.
What This Means If You Run a Business
If your application handles any kind of user data updates, you're probably hemorrhaging bandwidth and creating unnecessary complexity. Every time someone changes their address or updates their preferences, you're sending data you don't need to send.
This matters more than you might think. Mobile users on limited data plans notice when apps are data-hungry. International users on slower connections abandon forms that take too long to submit. And if you're paying for bandwidth on your hosting, you're literally paying extra to send redundant data.
“Most businesses are unknowingly punishing their mobile users with bloated PATCH requests that send ten times more data than necessary.”
There's also a security angle that gets overlooked. When you send entire objects, you risk accidentally exposing or overwriting fields that weren't meant to be changed. JSON Patch operations are explicit about what's being modified, which makes accidental data leaks much less likely.
The performance implications compound as your user base grows. A customer management system that sends full contact records for every small update will struggle under load in ways that proper partial updates would handle gracefully.
What To Do About It
- 1.Audit your current PATCH endpoints to see how much data you're actually sending. Look at your browser's network tab during typical user actions. If you're sending kilobytes to change a single field, you've found your problem.
- 1.Implement JSON Patch for frequently updated resources like user profiles, settings, or any data that changes often. Don't try to convert everything at once; focus on the endpoints that get the most traffic or handle the largest objects.
- 1.Use existing libraries rather than building from scratch. Most modern frameworks have JSON Patch implementations available. In JavaScript, there's fast-json-patch. Python has jsonpatch. Don't reinvent this wheel.
- 1.Test with real network conditions, not just your office WiFi. Use browser dev tools to simulate slow connections and see how JSON Patch improves the experience compared to full object updates.
- 1.Consider backwards compatibility if you're retrofitting existing APIs. You can support both approaches during a transition period, then deprecate the old method once clients have adapted.
The standard exists for good reasons. Your bandwidth bills and user experience will thank you for using it properly.
https://dev.to/99tools/most-devs-send-the-whole-object-and-call-it-a-patch-rfc-6902-exists-for-a-reason-heres-what-json-159f
Published: 2026-05-11
https://searchengineland.com/google-ads-ga4-crm-numbers-never-match-476978
Published: 2026-05-11
https://blog.google/innovation-and-ai/products/gemini-app/digitize-notes-gemini-study-guide/
Published: 2026-05-11
GET THE WEEKLY BRIEFING
One email a week. What happened in tech and why it matters to your business.
NEED HELP WITH THIS?
That's literally what we do. Websites, automation, AI tools - one conversation, no jargon.
GET IN TOUCHMORE NEWS
Claude Code is steganographically marking its requests
Researchers found Claude Code embeds hidden signals in its HTTP requests. Here's what steganographic watermarking means for AI tooling and developer trust.
Using Claude Code to analyse medical MRI results
One developer used Claude Code as a second opinion on their MRI scan. Here's what happened when AI meets personal medical data.
Correlated randomness in Slay the Spire 2: how it works
Explore how Slay the Spire 2 uses correlated randomness to create fairer, more satisfying outcomes without sacrificing the unpredictability that makes roguelikes fun.