Currently, curbing mobile money fraud in the country is nearly impossible. To tackle this issue, we propose developing a real-time database that allows users to query and determine if a phone number is likely fraudulent based on public contributions, especially from those who have experienced fraud.
Wise-mystic
commented
1 week ago
Since the API exists, modify the endpoint to ensure users can only view fraud reports associated with their own accounts
Endpoint: /api/fraud/reports Method: GET Description: Enables users to view a list of all numbers reported. Authorization Required: Yes
Filters Should be able to filter by phone number, status, date range Should be able to filter user added reports only
Security Measures: Authorization Check: Ensure the user is authenticated to view only their own reports.
Feedback: Success: Returns a list of fraud reports. Failure: "You do not have permission to view these reports" or related errors
Note: Add test cases for all scenarios For private reports, only authenticated owners of report should be able to retrieve the data