I work in an environment where Postman is an administrative and testing tool for our developers and it worries me.
How do you produce repeatable test results when you’re just passing around Postman configurations (they don’t want to commit them to GitHub in case there are embedded credentials)? How do you know your services are configured correctly?
I agree. I feel like deleting a collection should require at least two requests, one to get a deletion authorization token, and another to perform the deletion with the token. The RESTful equivalent of "are you sure?". It's terrifying to think millions of records are just one DELETE request away from oblivion.
Postman doesn’t know that sending a single DELETE request to that URL will delete 17 million records.
Arguably, REST interfaces shouldn’t allow deleting an entire collection with a single parameterless DELETE request.
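The two-request deletion suggested in the thread can be sketched server-side as follows. This is an added example, not code from any commenter or from Postman. The function names, the 60-second window and the in-memory nonce set are assumptions; the token is an HMAC over the caller, the collection and the record count the caller was shown.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumption: a real service loads this from a secret store
TTL_SECONDS = 60                  # assumed confirmation window
_used_nonces = set()              # assumption: a shared store in a multi-node service

def _sign(body: str) -> str:
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def issue_delete_token(user, collection, record_count, now=None):
    """Request 1: return a short-lived token bound to what the caller was shown."""
    expires = int(time.time() if now is None else now) + TTL_SECONDS
    nonce = secrets.token_hex(8)
    body = f"{user}|{collection}|{record_count}|{expires}|{nonce}"
    return f"{body}|{_sign(body)}"

def confirm_delete(user, collection, record_count, token, now=None):
    """Request 2: honour the DELETE only with a valid, unexpired, unused token."""
    body, _, sig = token.rpartition("|")
    # Constant-time comparison; compare bytes so odd input cannot raise.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return False  # forged or altered token
    parts = body.split("|")
    if len(parts) != 5:
        return False  # a '|' inside a field fails closed
    t_user, t_coll, t_count, t_exp, nonce = parts
    if (t_user, t_coll) != (user, collection):
        return False  # token was issued to someone else or for another collection
    if int(t_count) != record_count:
        return False  # collection changed since the caller saw the count
    if int(time.time() if now is None else now) > int(t_exp):
        return False  # confirmation window has closed
    if nonce in _used_nonces:
        return False  # replayed token
    _used_nonces.add(nonce)
    return True
```

Binding the token to the record count means the confirmation covers the deletion the caller was actually shown, so a token issued for an empty test collection cannot be replayed against one holding 17 million records.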