[Critical] PATCH /prospects/{id} is a silent no-op — returns 200 but updates nothing

[loic2309]

Summary

PATCH /public/v1/prospects/{id} always returns HTTP 200 but does not update any field. The response contains the unchanged original values.

Steps to Reproduce

# Try to update organisation_name
curl -X PATCH \
  -H "Authorization: $OVERLOOP_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"organisation_name": "New Company Name"}' \
  "https://api.overloop.ai/public/v1/prospects/1167052"
# Response: 200 — but organisation_name is still null

Tested Payloads

All of the following return 200 but leave the prospect unchanged:

Payload	Content-Type
{ "organisation_name": "..." }	application/json
{ "organization_name": "..." }	application/json
{ "description": "..." }	application/json
JSON API spec format with data.attributes	application/vnd.api+json
PUT method instead of PATCH	application/json

Expected Behavior

The endpoint should apply the provided attribute updates and return the modified prospect.

Actual Behavior

HTTP 200 with a response body that contains the original, unmodified values for all attributes.

Impact

There is no way to update any prospect field via the public API. Specifically:

• organisation_name cannot be set after creation if it was omitted or set with the wrong field name
• No correction workflow is possible without deleting and recreating the prospect (which itself has critical issues, see related issue)