BE: Appointment Controllers

[bonnieli]

• CREATE /appointment -> Create an appointment
  • meeting_id, name, email, time (datetime), timezone
• GET /appointments -> list of appointments for logged in user

[blacksector]

Should CREATE be authenticated? Will non-logged-in users be able to create appointments? If yes they need to be authenticated that makes the "email" and "timezone" fields obsolete as we can just link a user to the appointments table with a foreign key. So, should it be unauthenticated instead?