"GET / users? Username = joe & password = topsecret", but this will distort the official purpose of the GET request. "
No, it does not pervert anything. This is an absolutely correct and RESTful way to do this, and it is the recommended way to get dynamic results in the http specification. REST does not care about what is in the url, only that it is unique. The URL of this page can be http: // 3f778a9b8a7c778696e for all kinds of REST architecture, if this is the only way to get there, and it doesnโt lead anywhere else.
http defines the query string protocol for returning dynamic results. Given the current state of your database, the query string you give your application should always return the same result. Then it will be OPEN. URL aesthetics is a completely different issue from REST.
according to the REST architecture, the rules of a GET request are that it always returns the same results (or maintains the same results for sufficiently long periods of time, so caching works), and that GET has no side effects. GET should be idempotent (always return the same results, no matter how many times you call it), and do not lead to a change in the state of the system. That's all.
Of course, you do not need to use the request protocol. You can put parameters in slashes, between semicolons, or maybe base64 encoded GUIDs. It is entirely up to you if it follows these simple rules.