I don't know if there is a best practice; however, I would be pragmatic, because there are many good ways to solve the problem. For example:
add a new endpoint to either reject or accept
I don't know the data structures, so let me assume that whatever data structures you use include the comment plus any metadata. Let's say it looks like this:

    interface Author { /* ... */ }

    enum Status {
      PENDING,
      APPROVED,
      REJECTED,
    }

    interface Comment {
      author: Author
      content: string
      status: Status
    }

So, what you may do is use a POST call to modify the resource and update the status.

    POST /:postId/comments/:commentId
    Content-Length: 17
    Content-Type: application/json
    Cookie: user-token=xxxxxxxyxxxxxxx000
    X-XSRF-TOKEN: abc123

    {
      "status": 1
    }

Anyone who is authorized to modify can now change the status. You may, though, add some extra logic to the field, so it can only be set by users with special privileges.

    user := get_user_from_token(user-token)
    if (is_admin(user))
        update_status(body.status)
        send_to_client(200)
    else
        send_to_client(403)
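
A runnable version of the check sketched above, as an added TypeScript example that is not part of the original answer: besides the admin test, it compares the X-XSRF-TOKEN value against the session and accepts only a body of the form {"status": n} with a known enum value. The session and comment tables, the token values, and the names Session, CommentRecord, StatusRequest, lookup, isStatusValue and handleStatusUpdate are constructed for illustration.

```typescript
// Added example; all names and sample data here are hypothetical.
const Status = { PENDING: 0, APPROVED: 1, REJECTED: 2 } as const;
type StatusValue = (typeof Status)[keyof typeof Status];

interface Session { userId: string; isAdmin: boolean; xsrfToken: string }
interface CommentRecord { author: string; content: string; status: StatusValue }
interface StatusRequest {
  userToken?: string;  // value of the user-token cookie
  xsrfHeader?: string; // value of the X-XSRF-TOKEN header
  commentId: string;
  body: unknown;       // parsed JSON request body
}

// Constructed in-memory tables standing in for real session and comment stores.
const sessions: Record<string, Session> = {
  "tok-admin": { userId: "alice", isAdmin: true, xsrfToken: "abc123" },
  "tok-user": { userId: "bob", isAdmin: false, xsrfToken: "def456" },
};
const comments: Record<string, CommentRecord> = {
  c1: { author: "bob", content: "First!", status: Status.PENDING },
};

// Own-property lookup, so keys such as "constructor" never resolve to a record.
function lookup<T>(table: Record<string, T>, key?: string): T | undefined {
  const found = key !== undefined && Object.prototype.hasOwnProperty.call(table, key);
  return found ? table[key as string] : undefined;
}

function isStatusValue(v: unknown): v is StatusValue {
  return v === Status.PENDING || v === Status.APPROVED || v === Status.REJECTED;
}

// Returns the HTTP status code the server would send for the status update.
function handleStatusUpdate(req: StatusRequest): number {
  const session = lookup(sessions, req.userToken);
  if (!session) return 401;                             // not authenticated
  if (req.xsrfHeader !== session.xsrfToken) return 403; // XSRF token mismatch
  if (!session.isAdmin) return 403;                     // lacks moderation privilege
  const body = req.body;
  if (typeof body !== "object" || body === null) return 400;
  const keys = Object.keys(body);
  // Only {"status": n} is accepted, so author and content stay read-only here.
  if (keys.length !== 1 || keys[0] !== "status") return 400;
  const requested = (body as { status: unknown }).status;
  if (!isStatusValue(requested)) return 400;            // not a known enum value
  const comment = lookup(comments, req.commentId);
  if (!comment) return 404;
  comment.status = requested;
  return 200;
}
```

Rejecting any body key other than `status` keeps this endpoint from doubling as a way to rewrite a comment's author or content.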