HUD-Data-Lab / Data.Exchange.and.Interoperability

Repository for Homeless Management Information System (HMIS) development and management of products to support data exchange and interoperability
GNU General Public License v3.0

Recommendation to make DOB fields optional rather than required and revise 'post' endpoint to 'get' instead #31

Closed DavidTweedieWellSky closed 1 month ago

DavidTweedieWellSky commented 1 month ago

Not all clients provide a Date of Birth, so while it is helpful to have both the month and day as optional, the year should also be made optional. The Social Security Number field should also be made optional. This client summary information should be returned via a get endpoint, not a post endpoint, so this endpoint type should be changed.

Grant-ICF commented 1 month ago

Thank you @DavidTweedieWellSky for your recommendation. We made the fields optional. That change will be reflected in "v1.0b9".

Our main concern with having the search for a client using PII via a GET is that there may be a data leak concern since GET exposes parameters in the URL directly. Our logic was that we probably don't want an SSN in a URL. Our solution was to use a POST. We are open to other thoughts and ideas on how to protect sensitive data in the API reference. Let me know if you have a different perspective on GET vs. POST!
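The concern raised in the comment above, as an added example that is not part of the thread or the project's code: a local test server records its access-log line for the same client search sent once as a GET with query parameters and once as a POST with a JSON body. The path `/clients/search`, the field names and the SSN value are constructed for illustration and are not taken from the API specification.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlencode

# Constructed sample values; the path and field names are hypothetical.
SEARCH_PATH = "/clients/search"
CRITERIA = {"lastName": "Example", "ssn": "000-12-3456"}


def capture_access_log():
    """Send one search as GET and as POST; return the server's log lines."""
    log_lines = []

    class Handler(BaseHTTPRequestHandler):
        def log_message(self, fmt, *args):
            # The stock handler writes this line to stderr; collect it instead.
            log_lines.append(fmt % args)

        def _reply(self):
            self.send_response(200)
            self.send_header("Content-Length", "2")
            self.end_headers()
            self.wfile.write(b"[]")

        do_GET = _reply

        def do_POST(self):
            # Consume the body; its contents never reach the request line.
            self.rfile.read(int(self.headers.get("Content-Length", 0)))
            self._reply()

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    requests = [("GET", SEARCH_PATH + "?" + urlencode(CRITERIA), None),
                ("POST", SEARCH_PATH, json.dumps(CRITERIA))]
    try:
        for method, path, body in requests:
            conn = http.client.HTTPConnection(*server.server_address)
            conn.request(method, path, body=body)
            conn.getresponse().read()
    finally:
        server.shutdown()
        server.server_close()
    return log_lines


if __name__ == "__main__":
    print("\n".join(capture_access_log()))
```

The GET line carries `ssn=000-12-3456` in the logged request line, while the POST line shows only the path; any reverse proxy or gateway that logs request lines would record the same difference.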