Once deployed in production, an application is exposed to a large number of requests, and inevitably some of them will be malicious. This makes it necessary to grant access explicitly, that is, to authenticate a selected set of consumers before they can use your service. Most consumers will use the service only to read the data it provides. A few, however, will need to add new contact data or modify existing contact data. To ensure that only appropriate consumers can execute DELETE requests, we will have to introduce the concept of authorization into our application, which will grant modification permissions only to explicitly selected users. ...
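The split between authentication and authorization described above can be sketched as a single gate that runs before any request reaches the contacts handlers. This is an added example, not code from the original text: the use of HTTP Basic credentials, the account names, passwords, salts, the `read`/`modify` permission names and the function names are all assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac

# Permission each HTTP method needs; methods not listed are denied.
REQUIRED = {"GET": "read", "HEAD": "read",
            "POST": "modify", "PUT": "modify", "DELETE": "modify"}

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample accounts: only "editor" is explicitly granted "modify".
USERS = {
    "reader": {"salt": b"constructed-salt-1", "grants": {"read"}},
    "editor": {"salt": b"constructed-salt-2", "grants": {"read", "modify"}},
}
USERS["reader"]["hash"] = _kdf("reader-pass", USERS["reader"]["salt"])
USERS["editor"]["hash"] = _kdf("editor-pass", USERS["editor"]["salt"])
_DUMMY = {"salt": b"constructed-salt-0", "hash": b"\x00" * 32, "grants": set()}

def basic_header(name, password):
    """Build an Authorization header value for the constructed samples."""
    return "Basic " + base64.b64encode(f"{name}:{password}".encode()).decode()

def authenticate(authorization_header):
    """Return the user name for valid Basic credentials, else None."""
    scheme, _, encoded = (authorization_header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode()
    except (binascii.Error, UnicodeDecodeError):
        return None
    name, sep, password = decoded.partition(":")
    # Hash even for unknown names so timing does not reveal valid accounts.
    record = USERS.get(name, _DUMMY)
    ok = hmac.compare_digest(_kdf(password, record["salt"]), record["hash"])
    return name if ok and sep and name in USERS else None

def decide(method, authorization_header):
    """Return the HTTP status the service answers with before routing."""
    user = authenticate(authorization_header)
    if user is None:
        return 401  # not authenticated: no access at all
    needed = REQUIRED.get(method.upper())
    if needed is None:
        return 405  # method outside the policy: default deny
    if needed not in USERS[user]["grants"]:
        return 403  # authenticated, but not granted this permission
    return 200
```

A 401 tells the consumer to authenticate, while a 403 tells an already authenticated consumer that its account lacks the required grant, so the two failures stay distinguishable in logs.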