Disable WebAPI Verbs (HTTP Methods) on Sitecore Content Delivery Servers

Configuration

It's increasingly common to implement web services in a Sitecore-hosted solution using Microsoft's WebAPI framework. I'm personally a fan of this approach, and if you're paying attention to your usage of verbs, then typically the services responsible for modifying content in Sitecore will use action methods decorated with the POST, PUT or DELETE HTTP methods.

In a typical scenario you would only want these services to be accessible on content management server roles, with the distribution of content modifications to content delivery server roles handled by Sitecore's publishing API (or task runner).

So how do I ensure that only GET requests will be accepted on a content delivery server? In this example I'll set up my WebAPI endpoint configuration in the initialize pipeline.

Inside my class I will implement a method that reads a boolean value (which defaults to false to be safe) from a patch file. That value tells my WebAPI configuration method which constraints it should place on my WebAPI routes.

Now we simply need to add config transforms to the include file in order to control the value of 'Api.ModificationsAllowed' for each server role.
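
The three steps above, sketched as an added example (this is not the original post's code). The namespace, class name, route name and route template are hypothetical; 'Api.ModificationsAllowed' is the setting named in the text.

```csharp
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Routing;
using Sitecore.Configuration;
using Sitecore.Pipelines;

namespace Example.Pipelines // hypothetical namespace
{
    // Registered in the <initialize> pipeline through an include file, e.g.
    //   <processor type="Example.Pipelines.RegisterWebApiRoutes, Example" />
    // with the per-role setting patched in the same file:
    //   <setting name="Api.ModificationsAllowed" value="false" />
    public class RegisterWebApiRoutes
    {
        public void Process(PipelineArgs args)
        {
            GlobalConfiguration.Configure(Configure);
        }

        // Defaults to false, so a role with no patch applied only accepts GET.
        private static bool ModificationsAllowed()
        {
            return Settings.GetBoolSetting("Api.ModificationsAllowed", false);
        }

        private static void Configure(HttpConfiguration config)
        {
            // Content delivery: GET only. Content management: modifying verbs too.
            var allowed = ModificationsAllowed()
                ? new[] { HttpMethod.Get, HttpMethod.Post, HttpMethod.Put, HttpMethod.Delete }
                : new[] { HttpMethod.Get };

            config.Routes.MapHttpRoute(
                name: "ExampleApi",                      // hypothetical route name
                routeTemplate: "api/{controller}/{id}",  // hypothetical template
                defaults: new { id = RouteParameter.Optional },
                constraints: new { httpMethod = new HttpMethodConstraint(allowed) });
        }
    }
}
```

The constraint only covers routes mapped this way; actions exposed through attribute routing are not restricted by it. A request with a disallowed verb simply fails to match the route, so the client sees a 404 rather than a 405.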

That's it, nice and simple!