I need to determine in what ways I will allow people to manipulate the resources in the system. Can people delete products from the system? If so, the API should support the DELETE HTTP method. It should not define some other mechanism for deleting products. If I don’t want to allow deletes, I will not support a DELETE operation and I will return the proper status code (405) upon a DELETE request.
