you can declare this in a handler to limit what verbs maybe be used per method:
this.allowedMethods = {
delete='delete',
get='get,post',
index='get'
};
you can declare this as a route to send a request to a particular method depending on the verb:
addRoute(pattern="my/pattern",handler="handler.method",action={get="get"});
which way is better to secure a restful api?