No Authentication

No JWT
No session
No API key
No identity
Anyone on the internet can fetch private loan records.

<img width="856" height="662" alt="Image" src="https://github.com/user-attachments/assets/47302327-d470-4ae7-bd30-acecbe656679" />