/dɪ-ˈliːt/
n. “Gone. No take-backs.”
DELETE is an HTTP request method used to remove a resource from a server. When a client issues a DELETE request to a specific URI, the server is instructed to permanently remove that resource, or at least mark it as deleted depending on implementation. Unlike PATCH or PUT, which modify resources, DELETE is purely destructive — its purpose is removal.
For example, sending a DELETE request to /users/123 would instruct the server to remove the user with ID 123 from its database. The operation should be idempotent: sending the same DELETE request multiple times should have the same effect as sending it once, meaning that after the first deletion, subsequent requests typically result in a 404 Not Found or equivalent response.
In RESTful APIs, DELETE is used alongside GET, POST, PUT, and PATCH to provide full CRUD (Create, Read, Update, Delete) capabilities. Its idempotency is a key design principle: clients can retry DELETE safely without risking duplicate deletions.
Security considerations are critical when implementing DELETE. Servers must ensure that the client is authenticated and authorized to delete the resource. Logging deletions, requiring confirmation, or using soft deletes (marking a resource as inactive rather than removing it entirely) are common strategies to prevent accidental data loss.
In practical use, DELETE enables administrators to manage resources, clean up outdated data, or remove sensitive information. For instance, a SaaS platform may allow users to delete their accounts, or an application may remove obsolete entries from a database. When combined with TLS encryption, DELETE requests can be securely transmitted over the network.
Overall, DELETE is a fundamental web method for removal operations. While simple in concept, proper implementation ensures consistency, prevents unintended data loss, and maintains the integrity of modern APIs and web applications.