I need to send data and compare if it exists in the API server. For example:
$a['foo'] = 'hello';
$a['bar'] = 'world';
$rest->verb('resource', $a);
If the value of foo and bar exist in the API server it should return OK else Bad Request.
I would like to use GET as verb as it sounds more proper and just send data in query string but what if foo and bar is sensitive info and much more safer transmitted via post/put? But then I am not adding or updating anything.
What is the best verb in this situation?
Well, ruling out GET1 for security concerns effectively leaves only POST/PUT (flat out ignoring DELETE).
Out of these available options, I suggest using POST because it is the more common (especially outside of REST) and less specific HTTP verb overall.
From REST for the Rest of Us:
1 The issue with GET is that any data to the server must be transferred via URI (resource name and query string). This response thus assumes that a request using the POST verb would not use the URI to transfer sensitive information, or it would be no better than GET. The article How Secure are Query Strings over HTTPS? discusses some concerns with data in URIs, even with HTTPS connections (which should be used for all sensitive requests).