Introduction
The DELETE method is a fundamental HTTP request method used to remove a resource from the server. It is widely used in REST APIs to delete records such as users, posts, files, products, or any database entity stored on the backend.
Unlike GET, POST, PUT, or PATCH, the DELETE method performs a destructive action, so it is handled with care and strict validation. In well-designed APIs, DELETE operations often require authentication or admin privileges.
What Is a DELETE Request?
A DELETE request is used to remove the resource identified by the given URL.
Once deleted, the resource is no longer available unless recreated.
Key Characteristics
- Removes an existing resource
- Usually idempotent — deleting the same resource repeatedly returns the same result (resource remains deleted)
- Mostly used with specific resource URLs
- Returns a confirmation, status code, or an empty response
- Requires strong authentication in production APIs
When Should You Use DELETE?
Use DELETE when you want to remove:
- A user profile
- A blog post or comment
- A product from inventory
- A file from a server
- An order, cart item, or wishlist item
- A record in any database
In REST APIs, DELETE is the official method to remove a resource cleanly and predictably.
How DELETE Works Internally
- Client sends a DELETE request to the resource URL
- Server verifies authentication/authorization
- Server checks if the resource exists
- Resource is deleted from the database or storage
- Server returns a suitable response (200, 204, 404, etc.)
Example 1: DELETE Request Using JavaScript (Fetch API)
fetch("https://api.example.com/user/101", {
method: "DELETE"
})
.then(res => res.json())
.then(data => console.log(data))
.catch(err => console.error(err));
Explanation
- The resource
/user/101is deleted - No body is required in the request
- Server responds with a success message or empty response
Example 2: DELETE with cURL
curl -X DELETE https://example.com/api/products/55
Use Case
Deleting product ID 55 from the system.
Some APIs return a success message:
{
"message": "Product deleted successfully"
}
Others may return no body at all.
Example 3: DELETE Method in Express.js (Node.js)
app.delete("/api/user/:id", (req, res) => {
const id = req.params.id;
if (!database[id]) {
return res.status(404).json({ message: "User not found" });
}
delete database[id];
res.json({ message: "User deleted successfully" });
});
Explanation
- Checks if the user exists
- Deletes the user
- Returns a JSON message
Example 4: DELETE with Authorization Header
Most APIs require a token:
curl -X DELETE https://api.example.com/admin/delete/22 \
-H "Authorization: Bearer YOUR_API_TOKEN"
Why?
DELETE is a destructive action — unrestricted deletion would be a major security risk.
DELETE vs PUT vs PATCH
| Feature | DELETE | PUT | PATCH |
|---|---|---|---|
| Action | Removes resource | Replaces resource | Partially updates |
| Idempotent | Yes | Yes | Sometimes |
| Requires Auth | Almost always | Often | Often |
| Body Required | No | Yes | Yes |
| Risk Level | High | Medium | Low |
Common Server Response Codes for DELETE
| Status Code | Meaning |
|---|---|
| 200 OK | Resource deleted, body returned |
| 204 No Content | Resource deleted, no body |
| 400 Bad Request | Invalid request format |
| 401 Unauthorized | Missing/invalid credentials |
| 403 Forbidden | User doesn’t have deletion rights |
| 404 Not Found | Resource does not exist |
| 500 Internal Server Error | Server could not delete |
Advantages of DELETE
- Clear and simple way to remove a resource
- Works predictably in REST APIs
- Idempotent — safer for retries
- Reduces unnecessary data storage
Disadvantages of DELETE
- Dangerous if authorization is weak
- Accidental deletion can cause data loss
- Requires careful backend validation
- May require soft-delete logic (recommended)
Soft Delete vs Hard Delete
Hard Delete
- Resource is completely removed
- Cannot be recovered
- Example: deleting a file permanently
Soft Delete
- Resource marked as deleted but kept in DB
- Can be restored
- Example: moving a file to “Trash”
APIs often implement soft delete by adding a flag:
{
"isDeleted": true
}
