/delete route is not http compliant (401/403/Authorisation/WWW-Authorisation) #164

@Julien00859

Reading the HTTP spec, there are several problems with the /delete route.

  1. When the Authorization header is missing or the scheme is invalid, the response must be a 401 response with a WWW-Authenticate header.
  2. When the Authorization header is present and the scheme is valid but the code is invalid, the response must be a 403 response.
  3. The "Token" type does not exist; it should be something else, I think "Bearer", but we should verify.
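
The status-code rules listed in the issue, written out as an added example (not part of the issue and not the project's code). It assumes the "Bearer" scheme the issue proposes, a placeholder realm `delete`, and hypothetical names `check_delete_auth` and `expected_code`.

```python
import hmac

# Assumption: the scheme is "Bearer", as the issue proposes (pending verification),
# and the realm name "delete" is a placeholder.
SCHEME = "Bearer"
CHALLENGE = f'{SCHEME} realm="delete"'


def check_delete_auth(authorization, expected_code):
    """Return (status, headers) for a /delete request.

    authorization: raw Authorization header value, or None when absent.
    expected_code: the deletion code stored server-side (hypothetical name).
    """
    # Rule 1: no header at all -> 401 plus a WWW-Authenticate challenge.
    if authorization is None:
        return 401, {"WWW-Authenticate": CHALLENGE}

    # Credentials are "<scheme> <value>"; scheme names are case-insensitive.
    scheme, _, code = authorization.strip().partition(" ")
    code = code.strip()
    if scheme.lower() != SCHEME.lower() or not code:
        # Rule 1 again: unknown scheme (e.g. "Token"). Empty credentials are
        # treated as a malformed header too (assumption of this example).
        return 401, {"WWW-Authenticate": CHALLENGE}

    # Rule 2: well-formed credentials, wrong code -> 403.
    # compare_digest keeps the comparison time independent of how many
    # leading bytes of the submitted code happen to match.
    if not hmac.compare_digest(code.encode(), expected_code.encode()):
        return 403, {}

    return 200, {}
```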
