Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

REST API Design - DELETE multiple items using request Body

I have an API that displays Supplier Products

Our UI will allow the user to select various filter criteria and use that to delete a number of products at once.

The problem is that it takes too long do do a few thousand individual HTTP delete requests:

DELETE /api/supplier/6/products/5
DELETE /api/supplier/6/products/7
DELETE /api/supplier/6/products/8
DELETE /api/supplier/6/products/10
...

The intention is to make one HTTP call to delete a bunch of supplier products at once. I can pass a body to the delete so that it contains a list of all the ID's that we would like to delete:

DELETE /api/supplier/6/products
Body:
{
  "DeleteIds": "[5,7,8,10]"
}

This worked well until we put it behind our production proxy firewall which stripped the body from the DELETE request.

I have had a look at the HTTP Spec RFC 2616 Fielding, et al. and it doesn't explicity state that I shouldn't use a body in a DELETE request and further reading has shown that there isn't anything wrong with sending a body with a DELETE request.

I have control over our proxy server and have been able to allow the body to be passed through for all requests, but I worry that this may not be best practise. We could have thousands of Id's that we pass through and I don't want to us headers or URL parameters as we could run up against length restrictions.

So my question is: What would be the correct way to do a Delete for multiple products using the body of a request? Not just an opinion, but is there actual documented evidence out there for as to why I should not use the body of a HTTP DELETE?

Should I continue with

DELETE /api/supplier/6/products (Using a body)

or should not use DELETE with a body and instead do a POST to something like

POST /api/supplier/6/products/deletemultiple

Edit: There is some good debate in this question: Restful way for deleting a bunch of items It doesn't address my question about using the body of a DELETE request for a custom delete action, but there is some good debate on different ways that a batch delete can happen.

like image 611
ShaunP Avatar asked Nov 19 '22 06:11

ShaunP


1 Answers

I've done both, and when I want to pass several items to a delete action I use a POST and just have an int[] as the parameter, but I make sure that the URL I am calling is very explicit since I'm using configuration over convention: i.e:

/api/products/DeleteAllById

If I am deleting individual items, then I will use DELETE.

like image 151
Mark C. Avatar answered Dec 24 '22 19:12

Mark C.