Maybe it has been brought up, but I couldn’t find anything.
In the jsonapi FAQs it’s stated, that with a PATCH you can do everything that you can do with PUT. As far as I can tell, that’s not true.
For example: it will not be possible, to turn an existing object into an object with fewer attributes, through PATCH. That would be a contradiction to what PATCH should do.
So, for this particular case, a PUT method is required.
How I read the spec, “deleting” attributes can be achieved by PATCHing:
{
"id": 1,
"type": "article",
"attributes": {
"title": null
}
}
This will clear the data stored in the “title” attribute. Of course it is up to you as a developer whether you choose to delete the entire attribute in your datastore, or indeed store the null value with it.
I think the problem there is: a (dumb) server that’s oblivious to the actual model cannot distinct between
- the title has been ‘unset’ by a user
- the title attribute ceased to exist
And there’s no way the client could tell the server which case it is.
Apart from that, if the server were to totally remove the attribute from the object, it would fail the expectation of a PATCH, that a subsequent GET to the same URI reflects the changes made in PATCH.
The PATCH request instructed to set the title to null, and I guess a GET should mirror that.
I think you may be noticing an issue in the framework or store you are using, which isn’t necessarily a problem with {json:api}, but does reveal itself in this case.
Regarding your second bullet point, shouldn’t be possible from any remote client. If you are encountering this as a design constraint, I believe you should be looking at alternative options for your server. This kind of naive utilization of unsanitized user input will lead to any number of issues down the road.