Hey @Silvs,
Looks like your AI buddy fixated on the word “identifier.” That _id value does not look especially guessable (or necessarily sequential) to me, so it’s probably not a great target.
Consider the endpoint in that PUT request: /api/v2/notes/studentnote. It looks like the note’s name value is being used to reference individual notes (where the body of the request just contains the data to update the note with). However, the name value is not especially guessable either, since it’s created by the user.
Well, what if a different value could be used to reference an individual note? The Response body should have a list of key/value pairs, and one of those values is quite small and suggestive of a sequential pattern. If you could use that value instead, and if that value is sequential, it should be pretty easy to guess the value of existing (previous) notes…
Oh, and you probably don’t want to use the PUT method, lest you blow away the flag you’re trying to retrieve from the note…
Hope this helps! I’ve also updated the Challenge prompts, which were a little confusing. They should now do a better job of pushing you in the right direction.
Happing hacking!