fix: reconsider APIs

[aishikanandi]

Describe the bug
We need to reconsider APIs as we need to delete, update all traces of a specific entity from its associated entities.
Should the update request body consist the respective id? Shouldnt it be immutable/ inaccessible.
Users with same phone number must not exist. Uniqueness must be checked in db.
created_at to be implemented in the backend.