Transaction.Search using INCLUDEDIN with an empty array returns ALL transactions!

[simeyla]

General information

• SDK/Library version: .NET 4.16.0
• Environment: Production
• Language, language version, and OS: C#

Probably affects other languages too

Issue description

I have made over 1.2 million unintended API calls over the past couple days. I meant to perform about 10000!

Why? I run a scheduled task to update records that I know need updating (eg. after a refund).

 // GET transactions from my database that I want to refresh
 var scheduledUpdateTransactionIds = GetTransactionsToUpdate();  

 // Call Braintree API to get Transaction objects
 gateway.Transaction.SearchAsync(new BT.TransactionSearchRequest()
                                .Ids.IncludedIn(scheduledUpdateTransactionIds));

This works great - unless the array is empty in which case it returns EVERY SINGLE transaction in my account.

I am running this every five minutes so it's basically been hammering your API 24x7 for the past few days. I have a grand total of 1277295 API calls!

This was extremely unexpected, and obviously I can work around this - but it'll hit someone else sooner or later - so checks should be put for empty array. Nice to know your API really is unlimited though :-)

[hollabaq86]

👋 @simeyla, thanks for reaching out- I agree this is some interesting behavior from our API :-) I've forwarded your feedback to our Search team for review.