6

I'm building a REST API. actually I understand the the common guide and rule.

But i have issue with DELETE method, because I need to send the data over the body in the request, which DELETE method will ignore the body.

If you asking what data that makes me send it over body in DELETE method, is a 'url' and some other parameter. Of course the 'url' has id in the database, so i can use DELETE with no problem, like DELETE https://api.example.com/content/url:url_id. But rather that pass the id, i chose to pass the url it self and some other param. my business logic and requirement force me to pass the url not the id in DELETE method.

so after reading, i find also some proxy blocking DELETE and PUT method. and also the HTML form only support GET and POST method.

i'm starting thinking that better to only use GET and POST in my REST API. so i can user POST for delete and object or resource like this:

POST /content/delete/url
Body :
    url : xxxx
    param1 : xxxx
    param2 : xxx

But in "REST API Design rulebook, O'reilly", page 18 said

"HTTP request methods should be used to indicate which CRUD function is performed"

The following anti-patterns exemplify what not to do:

GET /deleteUser?id=1234
GET /deleteUser/1234
POST /users/1234/delete

after searching and reading again, I came with some solution

  1. using X-HTTP-Method-Override

  2. using api method name like flicker(api.flickr.com/services/rest/?method=flickr.collections.getInfo) and mailchimp(api.mailchimp.com/1.3/?method=campaignDelete)

I think I like solution 1, to use 'X-HTTP-Method-Override'. What do you think?

Google seem to use X-HTTP-Method-Override, rever to this https://developers.google.com/gdata/docs/2.0/basics

Flicker and Mailchimp use method name, like in solution 2

Ahmad
  • 4,224
  • 8
  • 29
  • 40
  • You're free to send a body payload with DELETE (see http://stackoverflow.com/a/5928241/89771). – Alix Axel Jan 14 '13 at 09:34
  • But here say diferent http://stackoverflow.com/questions/299628/is-an-entity-body-allowed-for-an-http-delete-request – Ahmad Jan 14 '13 at 09:46
  • @AlixAxel: I thought so too - and wrote my API that way. But it's a bad idea. At last some proxy/gateways strip out the body of a delete request. We're using WS02 API Gateway and it strips it out, so my actual API never sees the body if called externally (works fine calling internally). The reason for needing a body at all, for me, is that the same gateway doesn't like : in URL parameters and my ids include them. – Adam Feb 04 '18 at 14:10

3 Answers3

1

you CANNOT send body with a DELETE request. and it doesnt make sense!

RESTful would be

DELETE  http://www.plocal:3000/api/v1/content/page-1
DELETE  http://www.plocal:3000/api/v1/content/info-page
DELETE  http://www.plocal:3000/api/v1/content/1
DELETE  http://www.plocal:3000/api/v1/content/2

testcall with 

curl -v http://www.plocal:3000/api/v1/content -X DELETE
Tim Kretschmer
  • 2,272
  • 1
  • 22
  • 35
  • Cannot and Should Not are pretty different but don't take my word for it: https://stackoverflow.com/a/299696/2325377 – DVS Jun 24 '22 at 17:49
1

I know it is part of you business logic, but i would recommend you to rethink it or maybe try to use another solution instead of REST.

By doing stuff like the ones you mentioned, u will be breaking all the REST concepts and still not doing something good enough on your application.

I think the best solution in your case would be think on your business logic. Maybe it can be done without break REST.

If u think it cant be done, then i would recommend the first solution u listed. It feels less wrong.

Hope it helps.

Paulo Henrique
  • 1,025
  • 8
  • 12
0

Is the URL the identifying information of the content item to be deleted? If so,

DELETE https://api.example.com/content/:id

And include the url as part of the id. Id's don't have to be strictly integers.

You may also want to make a new route

resources :content, :except => [:delete] do
  member do
    delete delete_by_url
  end
end

And then you'll have a new delete route with a more appropriate name and a specific action in the controller.

DELETE https://api.example.com/content/:id/delete_by_url
Mark Swardstrom
  • 17,217
  • 6
  • 62
  • 70