Your application operations for a given resource URI should be mapped to one of the standard HTTP methods on which REST is based: GET, POST, PUT, PATCH, or DELETE. Choosing which to use and being consistent about its use throughout your REST API is vital. Again, there are many resources on the internet that discuss this topic in much more detail. Here is a brief summary of my interpretation of those readings:

• GET: This method is typically for operations that query the database and whose parameters are easily expressed in the URI structure and/or whose parameters fit well with this method.

• PUT versus POST: These methods are typically for operations that create, update, or query the database and where parameters are more complex, for example, lists or structures of information that cannot be reflected in URI parameters. There is also a consideration around the term idempotent (check out Wikipedia for a full definition of this), which relates to whether or not the request can be repeated over and over, resulting in the same state in the database. As you dig deeper into the RESTful design guidelines, this term typically drives the decision of whether to use PUT or POST.
• PATCH: This method is typically for operations that solely update existing information, such as a record or some other complex dataset spanning multiple records.
• DELETE: This method is, of course, to delete existing information expressed in the URI.

We will use the POST HTTP method with the /services/apexrest/compliance resource URI to implement our REST API for the compliance verify operation, passing the list of records to verify as a part of the HTTP request body using the JSON data format.