
One reason I could think of is that they may return the database (or cache, or something else) response after generating and storing the OTP. Quick POCs/MVPs often use their storage models for API responses to save time, and then it is an easy oversight...


That's my first thought as well - like a basic CRUD operation that returns the row that was created as a response.
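Added example, not part of the thread or of any code the commenters refer to: a sketch of the oversight described above, where an OTP request handler returns its storage row, next to a handler that builds the response from an allowlist. The `OtpRow` model, its field names, the function names and the in-memory store are all assumptions made for illustration.

```python
import secrets
import time
from dataclasses import asdict, dataclass, fields

_OTP_ROWS = {}  # constructed in-memory stand-in for the database or cache


@dataclass
class OtpRow:
    """Hypothetical storage model: what the server keeps to verify the code later."""
    request_id: str
    phone: str
    otp: str  # server-only secret
    expires_at: int
    attempts_left: int


PUBLIC_FIELDS = ("request_id", "expires_at")  # all the client needs to see


def _create_row(phone, now=None):
    now = int(time.time()) if now is None else now
    row = OtpRow(
        request_id=secrets.token_hex(8),
        phone=phone,
        otp=f"{secrets.randbelow(10**6):06d}",
        expires_at=now + 300,
        attempts_left=5,
    )
    _OTP_ROWS[row.request_id] = row
    return row


def request_otp_leaky(phone, now=None):
    """The oversight: the created row is serialized straight into the response."""
    return asdict(_create_row(phone, now))


def request_otp_safe(phone, now=None):
    """The response is built from an explicit allowlist, not the storage model."""
    row = _create_row(phone, now)
    return {name: getattr(row, name) for name in PUBLIC_FIELDS}


def leaked_fields(response):
    """Regression check: storage-model fields present that are not allowlisted."""
    server_only = {f.name for f in fields(OtpRow)} - set(PUBLIC_FIELDS)
    return sorted(server_only & set(response))
```

A check like `leaked_fields` can run in the API test suite so that a field added to the storage model later does not silently appear in responses.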



