Hey there,
During preliminary security stress testing, a fellow colleague and I found that we could update user properties via the View User API Call (User | Chat Platform API | Sendbird Docs).
For example, a PUT request (https://{application-id}.sendbird.com/v3/users/{user-id}/ with the body parameters
{
"is_active": false
}
Could deactivate the user. Is this intended?
We also noticed that once a user has been deactivated and then reactivated, the user would lose all their chats. We were unsure if this was also intended?
Regards,
Brandon