Description
The API exhibits inconsistent behavior when receiving a request with an empty body {}. The returned status code depends on whether the route is public or private, which complicates error-handling standardization on the front-end.
Steps to Reproduce
- Send a
POST request with an empty body {} (empty payload).
- Test it on a public route (e.g.,
POST /usuarios).
- Test it on a private route (e.g.,
POST /produtos or POST /carrinhos).
Expected Behavior
The API should consistently return a contract validation error status (400 Bad Request) across all routes whenever it receives an empty or malformed JSON body.
Actual Behavior
- Public routes (such as
/usuarios): The API correctly returns 400 Bad Request (content validation).
- Private routes (such as
/produtos and /carrinhos): The API returns 401 Unauthorized (authentication error), bypassing the content validation checks that should evaluate the payload format first.
Evidences

Description
The API exhibits inconsistent behavior when receiving a request with an empty body
{}. The returned status code depends on whether the route is public or private, which complicates error-handling standardization on the front-end.Steps to Reproduce
POSTrequest with an empty body{}(empty payload).POST /usuarios).POST /produtosorPOST /carrinhos).Expected Behavior
The API should consistently return a contract validation error status (400 Bad Request) across all routes whenever it receives an empty or malformed JSON body.
Actual Behavior
/usuarios): The API correctly returns 400 Bad Request (content validation)./produtosand/carrinhos): The API returns 401 Unauthorized (authentication error), bypassing the content validation checks that should evaluate the payload format first.Evidences