I'm building a RESTful API command to deactivate a user record. Is it kosher to use DELETE to do this or should this be a PUT, since the record is being updated to "deactivated" status? Or is it just a matter of taste?
The HTTP DELETE method is used to delete a resource from the server. Unlike GET and HEAD requests, the DELETE requests may change the server state. Sending a message body on a DELETE request might cause some servers to reject the request. But you still can send data to the server using URL parameters.
Several common HTTP methods are safe: GET , HEAD , or OPTIONS . All safe methods are also idempotent, but not all idempotent methods are safe. For example, PUT and DELETE are both idempotent but unsafe.
You may use the POST method to create, update and delete resources but this is considered a poor design. The different http verbs standardize modern ways of creating REST APIs.
The PUT method replaces all current representations of the target resource with the request payload. The DELETE method deletes the specified resource. The CONNECT method establishes a tunnel to the server identified by the target resource.
The semantics of DELETE
means that you are actually getting rid of the object. What you're doing here seems like a modification of the object's state. In this case a PUT
or PATCH
would be more appropriate.
It is better to stick with the semantics of uniform interface that you're using (in this case, HTTP verbs). If those match up to what you're actually doing within your app, then there is less confusion. Also, what if you decide later that a DELETE
should actually remove a record instead of just marking it "inactive"? Now you've changed the behavior of your API. Also, if you're using DELETE
, you're essentially following the "principle of least surprise", which is good for an API. It's better to have a DELETE
actually do a delete, rather than just pretending to do so.
On the other hand it is perfectly fine to remove the record from one location and move it elsewhere (from one table to another, for example) if it turns out that you are required to keep the data for historical purposes. In this case, that record should just remain unavailable to future operations (i.e., a GET
on the resource should return a 404
).
If after your deactivation operation, the resource is not accessible to the end user any more through "GET" unless it is reactivated again, I do not see a problem using "DELETE". Otherwise, "PUT" is more appropriate.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With