Version 0.6.1
Release Date: March 15, 2026
🛡️ Mutation Guards for Active Attempts
Quizzes, questions, and events are now protected from unsafe changes while participants are actively taking a quiz. Updating scoring fields, time limits, or deleting resources while attempts are in progress will return a 409 Conflict error (code G-001).
What's Protected
- Quiz:
time_limit_seconds,max_attempts,submission_mode,client_only, delete, and question binding - Question:
correct_answer,points,options, and delete - Event:
time_limit_seconds,max_attempts,submission_mode,client_only,starts_at,ends_at, and delete
Non-scoring fields like titles, descriptions, tags, and metadata remain freely editable at all times.
See Managing Active Attempts for full details.
⚡ Force-Submit Endpoints
Two new endpoints allow quiz owners to explicitly close all in-progress attempts when immediate changes are needed.
| Method | Endpoint | Description |
|---|---|---|
| POST | /api/v1/quizzes/{id}/force-submit | Force-submit all active attempts for a quiz |
| POST | /api/v1/events/{event_id}/force-submit | Force-submit all active attempts for an event |
Both endpoints materialize any pending data, submit all open attempts, and automatically schedule a leaderboard recomputation.
🔍 Event Filter on Attempt List
The GET /api/v1/info/attempts endpoint now supports an optional event_id query parameter, allowing you to filter attempts by a specific event.
📋 API Changes Summary
| Change | Endpoint | Details |
|---|---|---|
| New | POST /api/v1/quizzes/{id}/force-submit | Force-submit all quiz attempts |
| New | POST /api/v1/events/{event_id}/force-submit | Force-submit all event attempts |
| Updated | PUT /api/v1/quizzes/{id} | 409 guard on scoring/timing fields |
| Updated | DELETE /api/v1/quizzes/{id} | 409 guard when active attempts exist |
| Updated | POST /api/v1/quizzes/bind-questions | 409 guard when active attempts exist |
| Updated | PUT /api/v1/questions/{id} | 409 guard on scoring fields |
| Updated | DELETE /api/v1/questions/{id} | 409 guard when active attempts exist |
| Updated | PUT /api/v1/events/{event_id} | 409 guard on timing/scoring fields |
| Updated | DELETE /api/v1/events/{event_id} | 409 guard (replaces auto-submit) |
| Updated | GET /api/v1/info/attempts | New event_id filter parameter |
Breaking Changes
- Event deletion no longer auto-submits active attempts. It now returns
409 Conflictif active attempts exist. Use the new force-submit endpoint to close them explicitly before deleting.