RFC 2616 describes which status codes to use.

And no, it's not always 200.

Short answer: for both PUT and DELETE, you should send either 200 (OK) or 204 (No Content).

Long answer: here's a complete decision diagram (click to magnify).

Source: https://github.com/for-GET/http-decision-diagram

When a resource is modified, the response code should be 200 (“OK”). If the resource state changes in a way that changes the URI to the resource (for instance, a user account is renamed), the response code is 301 (“Moved Permanently”) and the Location header should provide the new URI.

When an object is deleted, the response code should be 200 (“OK”).

Follow the below link for more details -- status code for rest

Here are some Tips:

DELETE

• 200 (if you want send some additional data in the Response) or 204 (recommended).

• 202 Operation deleted has not been committed yet.

• If there's nothing to delete, use 204 or 404 (DELETE operation is idempotent, delete an already deleted item is operation successful, so you can return 204, but it's true that idempotent doesn't necessarily imply the same response)

Other errors:

• 400 Bad Request (Malformed syntax or a bad query is strange but possible).
• 401 Unauthorized Authentication failure
• 403 Forbidden: Authorization failure or invalid Application ID.
• 405 Not Allowed. Sure.
• 409 Resource Conflict can be possible in complex systems.
• And 501, 502 in case of errors.

PUT

If you're updating an element of a collection

• 200/204 with the same reasons as DELETE above.
• 202 if the operation has not been commited yet.

The referenced element doesn't exists:

• PUT can be 201 (if you created the element because that is your behaviour)

• 404 If you don't want to create elements via PUT.

• 400 Bad Request (Malformed syntax or a bad query more common than in case of DELETE).

• 401 Unauthorized
• 403 Forbidden: Authentication failure or invalid Application ID.
• 405 Not Allowed. Sure.
• 409 Resource Conflict can be possible in complex systems, as in DELETE.
• 422 Unprocessable entity It helps to distinguish between a "Bad request" (e.g. malformed XML/JSON) and invalid field values
• And 501, 502 in case of errors.

In June 2014 RFC7231 obsoletes RFC2616. If you are doing REST over HTTP then RFC7231 describes exactly what behaviour is expected from GET, PUT, POST and DELETE

In addition to 200 and 204, 205 (Reset Content) could be a valid response.

The server has fulfilled the request and the user agent SHOULD reset the document view which caused the request to be sent ... [e.g.] clearing of the form in which the input is given.