Send a 451 (error) instead of 200 (success) API code when Legal Privacy reasons prevent the Telco showing the result

[QaunainM]

Problem and Context

• The 451 API Error code is used for scenarios where data cannot be returned for legal / privacy reasons.

• For example, when doing a SIM Swap API request for the [/retrieve-date] endpoint (which should return a timestamp) against, a number that had a SIM Swap event greater than the maximum days that the Telco wants to expose for privacy reasons, the response comes back blank but still logs as a 200 API successful event

• Not all telcos are using the same privacy time period threshold, this will be due to privacy regulations that differ for each country and each Telco's legal policy.

To Reproduce

• Perform SIM Swap /retrieve-date on a German number with Telco (DT) that had the event done more than 30 days ago
• A blank (null) data point is returned with a '200' API response

Expected behavior

• As the restriction on the data being sent back is due to the Telcos privacy reasons
• An error API response could be returned, as a 451 (unavailable for legal reasons)
• An error message to be returned instead of a blank, i.e. Requests for data more than x days not allowed due to legal privacy reasons

Commonalities

• I think we will see this same type of issue across many of the CAMARA APIs due to the privacy regulations in each country, i.e. each Telco will have different MaxPrivacyDays that they use to determine if data can be sent back to the application developer