Hey, why did you accept :id in a DELETE transaction, I mean, this is secure? Imagine I have the token to send a request to your server, and now I can delete all the users using a simple ID from my browser, is this good? I prefer to use :id just in GET request
Yes, I think DELETE /transaction/:id is the best way to delete a particular record. You are not deleting the entire table but only a particular record if it exists.
Another thing to keep in mind, you can have authorization checks to prevent certain users from being able to perform certain actions. You can also prevent certain action types (DELETE) from a resource.
So in your case, if you don't want Users to be deleted, you can prevent any access to DELETE users/:id.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hey, why did you accept :id in a DELETE transaction, I mean, this is secure? Imagine I have the token to send a request to your server, and now I can delete all the users using a simple ID from my browser, is this good? I prefer to use :id just in GET request
Yes, I think DELETE /transaction/:id is the best way to delete a particular record. You are not deleting the entire table but only a particular record if it exists.
Another thing to keep in mind, you can have authorization checks to prevent certain users from being able to perform certain actions. You can also prevent certain action types (DELETE) from a resource.
So in your case, if you don't want Users to be deleted, you can prevent any access to DELETE users/:id.