diff --git a/lib/pact_broker/api/resources/base_resource.rb b/lib/pact_broker/api/resources/base_resource.rb
index 29e843237..ab0091068 100644
--- a/lib/pact_broker/api/resources/base_resource.rb
+++ b/lib/pact_broker/api/resources/base_resource.rb
@@ -319,6 +319,12 @@ def content_type_json?
         def put_can_create?
           false
         end
+
+        # Not a Webmachine method. This is used by security policy code to identify whether
+        # a PATCH to a non existing resource can create a new object.
+        def patch_can_create?
+          false
+        end
       end
     end
   end
diff --git a/lib/pact_broker/api/resources/deployed_version.rb b/lib/pact_broker/api/resources/deployed_version.rb
index e1071c808..be596eb1c 100644
--- a/lib/pact_broker/api/resources/deployed_version.rb
+++ b/lib/pact_broker/api/resources/deployed_version.rb
@@ -24,6 +24,10 @@ def allowed_methods
           ["GET", "PATCH", "OPTIONS"]
         end
 
+        def patch_can_create?
+          false
+        end
+
         def resource_exists?
           !!deployed_version
         end
diff --git a/lib/pact_broker/api/resources/pact.rb b/lib/pact_broker/api/resources/pact.rb
index 8b3c13f0b..1a76e4eb5 100644
--- a/lib/pact_broker/api/resources/pact.rb
+++ b/lib/pact_broker/api/resources/pact.rb
@@ -40,6 +40,10 @@ def put_can_create?
           true
         end
 
+        def patch_can_create?
+          true
+        end
+
         def is_conflict?
           merge_conflict = request.patch? && resource_exists? && Pacts::Merger.conflict?(pact.json_content, pact_params.json_content)
 
diff --git a/lib/pact_broker/api/resources/pacticipant.rb b/lib/pact_broker/api/resources/pacticipant.rb
index b03b5bfcd..d3680d372 100644
--- a/lib/pact_broker/api/resources/pacticipant.rb
+++ b/lib/pact_broker/api/resources/pacticipant.rb
@@ -25,6 +25,10 @@ def put_can_create?
           false
         end
 
+        def patch_can_create?
+          true
+        end
+
         def known_methods
           super + ["PATCH"]
         end
@@ -48,6 +52,7 @@ def from_json
           response.body = to_json
         end
 
+        # PUT or PATCH with content-type application/merge-patch+json
         def from_merge_patch_json
           if request.patch?
             from_json
diff --git a/lib/pact_broker/api/resources/released_version.rb b/lib/pact_broker/api/resources/released_version.rb
index df82f597f..0cb93b58f 100644
--- a/lib/pact_broker/api/resources/released_version.rb
+++ b/lib/pact_broker/api/resources/released_version.rb
@@ -22,6 +22,10 @@ def allowed_methods
           ["GET", "PATCH", "OPTIONS"]
         end
 
+        def patch_can_create?
+          false
+        end
+
         def resource_exists?
           !!released_version
         end
diff --git a/lib/pact_broker/api/resources/version.rb b/lib/pact_broker/api/resources/version.rb
index ccabb5ba0..d67a2e0da 100644
--- a/lib/pact_broker/api/resources/version.rb
+++ b/lib/pact_broker/api/resources/version.rb
@@ -25,6 +25,10 @@ def put_can_create?
           true
         end
 
+        def patch_can_create?
+          true
+        end
+
         def resource_exists?
           !!version
         end