line 59 adminMux.POST("/account/:foreignID/pay", t.payToAddress) seems to be a pretty serious security vulnerability. You would want to make sure to authenticate a call such as this one.
helpers.go lives in /pkg/webapi on
line 13 httpCodeForError could use a 422 response in addition to 400 bad request to identify malformed requests in addition to bad ones (BAD JSON vs. NOT JSON)
I am pretty sure this would look something close to
string(giga.UnproccessableEntity): 422but have no way of testing it at the moment 😢