Currently, our call to get the groups for launching a challenge returns all groups, not just the groups the user has access to

Currently

We're calling GET https://api.topcoder-dev.com/v5/groups with an Authorization header for the user

Change

I'm expecting we'll have to make a call like this, with the memberId and membershipType, but I want to make sure this will actually return the groups the user has access to. For TonyJ in dev, it returns an empty list.

https://api.topcoder-dev.com/v5/groups?memberId=8547899&membershipType=group

Expectation

I need to have a call that returns just the groups the current has access to so I can update the challenge-engine-UI to only show those instead of all groups. Please clarify what the request should look like.

Ideally speaking, the below end point should have been made robust to return the groups which the user has access to.

https://api.topcoder-dev.com/v5/groups/memberGroups/:memberId

The work around way by calling /groups with memberId is not robust and it lacks security checks IMHO.