[FIX] Aggregate API for refunds to use JWT authentication only, removing API Key auth

[apoorvdixit88]

Feature Description

Refactor /refunds/aggregate API to use JWT authentication only, removing API Key auth

The /refunds/aggregate API is meant for internal use only and should not be accessible via API Key authentication. It should be secured using JWT authentication exclusively, as it is not intended to be used by merchants.

Current Behavior:

• The API currently supports both API Key and JWT authentication. Expected Behavior:
• Refactor the API to allow JWT authentication only, enforcing that only internal users can access this endpoint.
• Remove the API Key authentication block as merchants should not have access to this API.

Possible Implementation

The route function get_refunds_aggregates should be modified to remove API Key authentication and ensure that only JWT auth is applied.

The route function

pub async fn get_refunds_aggregates(
    state: web::Data<AppState>,
    req: HttpRequest,
    query_params: web::Query<common_utils::types::TimeRange>,
) -> HttpResponse

Hint: Additional context can be taken from paymets aggregate function.

Have you spent some time checking if this feature request has been raised before?

• [X] I checked and didn't find a similar issue

Submission Process:

• Ask the maintainers for assignment of the issue, you can request for assignment by commenting on the issue itself.
• Once assigned, submit a pull request (PR).
• Maintainers will review and provide feedback, if any.
• Maintainers can unassign issues due to inactivity, read more here.

Refer here for Terms and conditions for the contest.

[sangram-mkj-01]

Hi, can you assign me to this issue?

[gorakhnathy7]

Hey @sangram-mkj-01 you had requested for another issue earlier, which has been assigned to you. Kindly let me know, once that is done, i can assign another one to you!

[jayantp2003]

I would like to work on this issue.