Let's say someone deletes their account on a website, such as Facebook. Often the resource won't actually be deleted, but it'll just be marked is_active=0 in the database or whatever else. For a straight delete of a resource in REST it's suggested to use a DELETE, however, what is the suggested approach to doing this sort of soft-delete? Is that usually done with a DELETE and the not-actual-delete is done behind the scenes? Or is this done with something like a PUT / PATCH ?

Update: Here is an example from Stripe where they call a DELETE, but it doesn't actually do a delete behind-the-scenes:

Unlike other objects, deleted customers can still be retrieved through the API, in order to be able to track the history of customers while still removing their credit card details and preventing any further operations to be performed (such as adding a new subscription).

CodePudding user response：

HTTP DELETE, just like GET, PUT. POST and so on, are of the transfer-of-documents-over-a-network domain. The useful work in your business domain is a side effect of the manipulation of the resources in the resource domain. (see: Jim Webber, 2011)

The decision to soft delete or hard delete data of your business domain is purely an implementation detail, hidden behind the HTTP facade.

On the web, both soft deletes and hard deletes are typically achieved the same way: POST -- because that's something we can do with general purpose HTML browsers.

But if you (the API designer) wanted to implement that same functionality via the DELETE of a resource, that's fine. Similarly if you instead want to achieve that end by editing (PUT/PATCH) a resource, that's also fine.