
[Critical] DELETE /prospects/{id} permanently blocks the email address — soft-delete with no recovery #31

@loic2309

Description

Summary

After deleting a prospect via DELETE /public/v1/prospects/{id}, the email address associated with that prospect is permanently blocked. Any attempt to create a new prospect with the same email returns 404 with a misleading error.

Steps to Reproduce

# 1. Create a prospect
curl -X POST \
  -H "Authorization: $OVERLOOP_API_KEY" \
  -H "Content-Type: application/vnd.api+json; charset=utf-8" \
  -d '{"data":{"type":"prospects","attributes":{"email":"test@example.com","first_name":"Test","last_name":"User"}}}' \
  "https://api.overloop.ai/public/v1/prospects"
# Response: 201 — id: 1167052

# 2. Delete the prospect
curl -X DELETE \
  -H "Authorization: $OVERLOOP_API_KEY" \
  "https://api.overloop.ai/public/v1/prospects/1167052"
# Response: 200

# 3. Try to create a new prospect with the same email
curl -X POST \
  -H "Authorization: $OVERLOOP_API_KEY" \
  -H "Content-Type: application/vnd.api+json; charset=utf-8" \
  -d '{"data":{"type":"prospects","attributes":{"email":"test@example.com","first_name":"Test","last_name":"User"}}}' \
  "https://api.overloop.ai/public/v1/prospects"
# Response: 404 {"errors":[{"code":"not_found","message":"Couldn't find User without an ID"}]}

Verification That It's Email-Specific

  • Creating other@example.com (same domain, different local part) → 201
  • Creating test@other-domain.com (same local part, different domain) → 201
  • Recreating test@example.com → 404

Expected Behavior

Either:

  • The deletion should be permanent and the email should be reusable afterward, or
  • A 409 Conflict response with a clear message that the email is blocked and an undelete/restore endpoint should exist

Actual Behavior

The prospect is soft-deleted internally. The email is permanently blocked from re-creation via the public API. There is no restore or undelete endpoint.

Impact

Any deletion via the API is irreversible. A common workflow — delete a prospect with bad data, recreate with corrected data — is impossible. This caused permanent loss of 9 email addresses from our account that can no longer be managed via the API.
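Added example, not code from the issue or from Overloop, of the behaviour requested under Expected Behavior: a soft-deleting prospect store whose create() reports a 409-style Conflict naming the hidden record instead of a misleading 404, together with the restore and hard-delete paths that make the address usable again. All class and method names are made up.

```python
from dataclasses import dataclass
from typing import Optional


class Conflict(Exception):
    """Maps to HTTP 409: the address belongs to a soft-deleted prospect."""

    def __init__(self, prospect_id: int) -> None:
        super().__init__(f"email belongs to deleted prospect {prospect_id}; "
                         "restore or purge it before reusing the address")
        self.prospect_id = prospect_id


@dataclass
class Prospect:
    id: int
    email: str
    deleted: bool = False


class ProspectStore:  # in-memory stand-in for a prospects table (constructed)
    def __init__(self) -> None:
        self.rows: dict[int, Prospect] = {}
        self._next_id = 1

    def _by_email(self, email: str) -> Optional[Prospect]:
        # Uniqueness spans live and soft-deleted rows, which is what blocks
        # reuse; the fix is in how the collision is reported, not the check.
        return next((p for p in self.rows.values() if p.email == email), None)

    def create(self, email: str) -> Prospect:
        email = email.strip().lower()  # normalise so case variants collide too
        existing = self._by_email(email)
        if existing is None:
            prospect = Prospect(self._next_id, email)
            self.rows[prospect.id] = prospect
            self._next_id += 1
            return prospect
        if existing.deleted:
            raise Conflict(existing.id)  # 409 naming the hidden row, not a 404
        raise ValueError(f"email already used by prospect {existing.id}")  # 422

    def delete(self, prospect_id: int) -> None:
        self.rows[prospect_id].deleted = True  # soft delete: the row is kept

    def restore(self, prospect_id: int) -> Prospect:
        self.rows[prospect_id].deleted = False  # the undelete endpoint asked for
        return self.rows[prospect_id]

    def purge(self, prospect_id: int) -> None:
        del self.rows[prospect_id]  # hard delete: the only path that frees the address
```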
