REST HTTP status code if DELETE impossible

I’d say 409 is the most appropriate, given it’s wording in the RFC:

The 409 (Conflict) status code indicates that the request could not
be completed due to a conflict with the current state of the target
resource
. This code is used in situations where the user might be
able to resolve the conflict and resubmit the request. The server
SHOULD generate a payload that includes enough information for a user
to recognize the source of the conflict.

(emphasis mine)

Based on my understanding of the description in the question, the reason for DELETE not being allowed is exactly a conflict with the current state of the target resource. As indicated in the RFC, the response payload can give an indication of the reason and, optionally, the user might be able to resolve it. I don’t see anything in the spec that makes 409 inappropriate just because the API doesn’t offer a conflict resolution possibility.

Leave a Comment