POST or PUT instead of DELETE when delete is blocked at web server

0
votes

We have an crud API developed with POST, PUT, DELETE and GET methods supported. We have since discovered that DELETE is blocked at web server level in our organization so any requests to the API for DELETE via browser are blocked. We were informed to update our API to a POST for supporting DELETE. In the delete request Our API then calls another API with a DELETE request which is supported.

So the flow is

browser -> PUT/POST -> ourAPI -> DELETE -> anotherAPI

The old URI was DELETE /{entity}/{code}

I am updating to /{entity}/{code}/delete - but unsure if it makes more sense as a PUT or POST, I know POST isn't idempotent but the DELETE request to second API will be.

Thanks

2
apirestapi-design

2 Answers

0
votes

Whether to use POST or PUT could depend on how attempting to delete a non-existent entity should be handled.

If the request should succeed silently as if the entity existed, the action is idempotent - so PUT seems appropriate.

If the request should trigger an error (404 or at least server-side logging), POST seems appropriate.

0
votes

It doesn't really matter as long as it's clear to the users.

Here's and example of a POST delete from this very site: https://api.stackexchange.com/docs/delete-answer.