Pragmatism rules here, but yeah - the common way to do this (at least if you have keys generatable by the client), eg. using REST, is to not allow POSTs, but only PUT. Most APIs I've seen use PUT solely for updates (of existing items), but as is obvious from the wording it's not the original intention.