I want to create an endpoint for “logging out”. Logging out in my case is basically removing an access token from the database. Therefore DELETE verb makes sense here, something like this: DELETE URL/tokens. Now in terms of rest it makes sense to have URL/tokens/, however it is generally not acceptable to put an access token in the url and rather should be put in the header. Doing the latter, however, would leave the endpoint as URL/tokens only which could imply deleting all the tokens. What do you think?