Q1. Is it okay to use the word "deregistration" in the API specification, or should I use "signout"? Which one is better?
Q2. And I wonder if the actual logic of membership withdrawal API is just changing user's status to "pending", can I specify the API's HTTP Method to DELETE, or should I use PATCH?
Which HTTP method of 'user withdrawl api' is more RESTful?
I tried "signout" to our service's user withdrawal API's name, but it can misleading developer to understand it to 'logout' so I want to know the common naming convention.
Here are some ideas. There's no absolute right and wrong - maybe more important is keeping consistency with your existing REST structure
If you're removing the user entirely, so they no longer exist at all:
DELETE /api/users/{id}If you're keeping the user in the system, but removing them from the list of active users, consider the philosophy of deleting them from a sub collection:
DELETE /api/users/active/{id}You've already mentioned patch. Personally I don't like that, because it puts the onus on the client to know which fields it needs to patch. That's ok while it's just a single "status" field... But if you ever need to introduce more complex state with extra fields (say a "deactivated date") then either the client would break, or the PATCH would need mangling by the server (which isn't really in the spirit of it). By using a simple DELETE verb, like the two above options, you're protected from that.