DEF-030 — 15 features are non-functional: endpoints return 404 or redirect instead of handling requests
DEF-030 — 15 features are non-functional: endpoints return 404 or redirect instead of handling requests
Summary
15 endpoints across vehicles, stories, convoys, marketplace, CMS, and social links either return HTTP 404 Not Found or silently redirect the caller to the website homepage. These represent core application features — viewing a single vehicle, creating a story, joining a convoy, reading the privacy policy — that are completely non-functional at the API level.
Environment
- Platform: DriveLink Backend API
- Server:
https://project6.dxtserver.com/drivelink_new/public/api/v1 - Area: Vehicles / Feed / Convoy / Marketplace / CMS
- Date Reported: 2026-06-17
- Testing Phase: Backend API Testing
Affected Endpoints
Return HTTP 404 Not Found
| Endpoint | Method | Feature Affected |
|---|---|---|
/vehicles/{id} |
GET | View a specific vehicle’s details |
/vehicles/{id} |
PUT | Edit/update a vehicle |
/vehicles/{id} |
DELETE | Remove a vehicle |
/story/{id} |
GET | View a single story/post |
/convoy/{id} |
GET | View convoy details and member list |
/sale/{id} |
GET | View a marketplace listing |
/cms-pages/about |
GET | About Us page content |
/cms-pages/privacy-policy |
GET | Privacy Policy |
/cms-pages/terms |
GET | Terms & Conditions |
/social-links |
GET | App social media links |
Silently Redirect to Homepage (HTTP 302)
| Endpoint | Method | Feature Affected |
|---|---|---|
/story |
POST | Create a new story/post |
/convoy |
POST | Create a new convoy |
/convoy/{id}/join |
POST | Join a convoy |
/convoy/{id}/leave |
POST | Leave a convoy |
/sale |
POST | Create a marketplace listing |
Steps to Reproduce
- Example (404):
GET /vehicles/56with a valid Bearer token → 404 stack trace (see also DEF-029) - Example (redirect):
POST /storywith a valid Bearer token → HTTP 302 tohttps://project6.dxtserver.com/drivelink_new/public
Expected Behaviour
Each request is handled and returns a meaningful JSON response — either the requested resource or a clear error.
Actual Behaviour
- 404 endpoints: Return a Laravel debug stack trace (see DEF-029) rather than a JSON response
- Redirect endpoints: Return HTTP 302 to the website homepage — the API client receives no JSON, no error, just a redirect to an HTML page
Impact
Vehicle management: Users can list their vehicles and add new ones, but cannot view, edit, or delete any individual vehicle via the API. If a user adds a vehicle with incorrect details, there is no API path to fix or remove it. During testing, a test vehicle (ID 57, VIN “TEST1781701053VIN”) was created and cannot be deleted — it will persist indefinitely in the system.
Content creation: Stories, convoys, and marketplace listings can only be listed — they cannot be created via the API. The social/community features of the app are entirely read-only at the backend level.
Convoy participation: Join and leave actions for convoys are non-functional. Users can see convoy listings but cannot interact with them.
CMS and legal content: About, Privacy Policy, and Terms & Conditions pages return 404. These are required content for app store compliance and user trust. The FAQ and Contact Details pages do work (/cms-pages/faqs, /cms-pages/contact-details).
Social links: The endpoint for retrieving the app’s social media links is not implemented.
Additional Note
GET /get_other_user_profile returns “GET method not supported” — the feature works correctly only when called as POST /get_other_user_profile with userId in the body. This is an HTTP method inconsistency for an otherwise functional endpoint.
Severity
High
Status
New
Reported By
QA / Testing Team