I’ve noticed a problem with the API and I’d like to know if this is expected behaviour, and if so, how we can mitigate against this since there are no attributes to assist.
- Upload a statement with a single transaction
- Note the ID of this new transaction on the bank account
- Use the UI to delete this transaction completely from the bank account
- Use the API to attempt to retrieve the bank transaction, using the ID recorded in step 2.
- The Bank Transaction is returned in the API response.
I posit that a deleted bank transaction should not be returned in the API. And if it must be, it should be marked with a deleted_at timestamp to indicate it cannot be used.
I also wonder what other deleted entities are directly retrievable via the API…