I assume the response code 200 always allows for a response-body, but I can't find any explicit mention of response-bodies for DELETE-requests.
REST HTTP HTTP-DELETE – Is a Response-Body Allowed for an HTTP DELETE Request?
httphttp-deleterest
Related Solutions
The spec does not explicitly forbid or discourage it, so I would tend to say it is allowed.
Microsoft sees it the same way (I can hear murmuring in the audience), they state in the MSDN article about the DELETE Method of ADO.NET Data Services Framework:
If a DELETE request includes an entity body, the body is ignored [...]
Additionally here is what RFC2616 (HTTP 1.1) has to say in regard to requests:
- an entity-body is only present when a message-body is present (section 7.2)
- the presence of a message-body is signaled by the inclusion of a
Content-Length
orTransfer-Encoding
header (section 4.3) - a message-body must not be included when the specification of the request method does not allow sending an entity-body (section 4.3)
- an entity-body is explicitly forbidden in TRACE requests only, all other request types are unrestricted (section 9, and 9.8 specifically)
For responses, this has been defined:
- whether a message-body is included depends on both request method and response status (section 4.3)
- a message-body is explicitly forbidden in responses to HEAD requests (section 9, and 9.4 specifically)
- a message-body is explicitly forbidden in 1xx (informational), 204 (no content), and 304 (not modified) responses (section 4.3)
- all other responses include a message-body, though it may be of zero length (section 4.3)
Update
And in RFC 9110 (June 2022), The fact that request bodies on GET, HEAD, and DELETE are not interoperable has been clarified.
Although request message framing is independent of the method used, content received in a DELETE request has no generally defined semantics, cannot alter the meaning or target of the request, and might lead some implementations to reject the request and close the connection because of its potential as a request smuggling attack (Section 11.2 of [HTTP/1.1]). A client SHOULD NOT generate content in a DELETE request unless it is made directly to an origin server that has previously indicated, in or out of band, that such a request has a purpose and will be adequately supported. An origin server SHOULD NOT rely on private agreements to receive content, since participants in HTTP communication are often unaware of intermediaries along the request chain.
The reason you get no hard answers is because there is no hard RESTful standard. So I can only suggest that you create a hard standard and stick to it within your own APIs
I used this as a guide for RESTful services http://www.vinaysahni.com/best-practices-for-a-pragmatic-restful-api
It says respond with a 204 status and an empty body
I stick to those standards and document them well for anyone who wants to use my APIs
Best Answer
It is explicitly mentioned here in the RFC
The short answer is:
You should include a response body with an entity describing the deleted item/resource if you return 200.
202 is something like an asynchronous request/response return status.
204 says explicitly that you do not include a response body