Why this matters
Rejecting malformed input early keeps the scoring and lending flow safer.
Problem
The API currently depends too much on caller correctness for critical inputs.
Scope
- Validate request payloads at the API boundary.
- Return clear 4xx responses for invalid or incomplete requests.
- Keep the validation rules aligned with the flow docs.
Implementation guidance
- Work in
api/calculate-score.js, api/evaluate-and-mint.js, api/get-available-credit.js, and api/get-user-data.js.
- Use explicit validation so invalid payloads fail fast.
- Keep the error messages easy to understand for contributors and reviewers.
Out of scope
- Changing the core business logic of the score or lending flows.
- Adding a new auth system.
Acceptance criteria
- PR includes validation logic in the listed endpoints.
- Reviewer can reproduce at least one invalid request and see the expected 4xx response.
- The PR description lists the accepted request shape and error cases.
Validation
- Run
npm run dev and trigger an invalid request.
- Run
npm run build before opening the PR.
- Confirm the endpoint rejects the malformed input with the expected status.
PR requirements
- Include
Closes #43.
- Describe which invalid inputs are rejected.
- Note any shared validation helper that was introduced.
Complexity
Why this matters
Rejecting malformed input early keeps the scoring and lending flow safer.
Problem
The API currently depends too much on caller correctness for critical inputs.
Scope
Implementation guidance
api/calculate-score.js,api/evaluate-and-mint.js,api/get-available-credit.js, andapi/get-user-data.js.Out of scope
Acceptance criteria
Validation
npm run devand trigger an invalid request.npm run buildbefore opening the PR.PR requirements
Closes #43.Complexity