Building a REST API for your web app exposes primary keys of DB records?

You are right, APIs should not expose internal data and structures, but if you depend on APIs not written by you, it will rarely be a good use of your time to develop a different API just feel better about this.

And even if you develop your own API it is going to be hard to use for example something instead of post ids without making the API response even slower. You can probably use some kind symetric “encryption” for that, but I assume 99.9% of the developers will not see the point (I am in the 0.1%, but the reality is that something like that is unlikely to add any significant security for most sites)

Related Posts:

  1. Store a default value for a transient on plugin activation
  2. Creating a post with the REST API, curl and oauth returning 401 error
  3. Does the REST API (official) support custom post types?
  4. wordpress custom endpoint multiple params
  5. Continue execution after WP REST API response
  6. Why is the post meta[] empty when I make a call to the wordpress rest api?
  7. WordPress Scheduled Event Request Blocking
  8. Accessing the database from a plugin outside of action hooks
  9. what is the best practice to add new field to an api route
  10. Woocommerce api: create product with images – bad request
  11. wp_remote_get() returns 403 while file_get_contents() does not
  12. Update results, Before deleting the related category [closed]
  13. Execute long and heavy processes
  14. PHP > Scheduled Tasks > Sending daily email with dynamic API variables
  15. wpdb prepare insert table doesn’t work
  16. How to set a template with wp_insert_post
  17. Is it possible to create new user from external form using REST API?
  18. Cant register rest routs from class instance
  19. Validate and Sanitize WP REST API Request using WP JSON Schema?
  20. Set default Database Storage Engine when creating tables with plugins?
  21. How to clone all WordPress Rest API end points
  22. How do I make this Metabox show current DB value?
  23. select a single val though a table in wordpress
  24. no_rest_route error on custom routes
  25. Flatten Responses returned via WP REST API via WP_Error for obfuscation
  26. How do i post data to url with fields?
  27. wp_update_post gives 500 internal error
  28. code that I can run, or a plug in to show what sql tables something pulls information from
  29. Looping through and combining calls to Woocommerce REST API
  30. get Woocommerce product format json for WP_Query
  31. How to edit the default database of WordPress [closed]
  32. base64_encode conflict with convert_smilies in wordpress
  33. Properly process a custom WP REST API request (Authenticate, Authorize + Validate)?
  34. How to pass and validate nonce in custom REST routes
  35. Create custom table for wordpress custom registration flow
  36. Query posts by custom taxonomy slug in WP REST API?
  37. oneOf JSON Schema validation not properly working for custom post meta value?
  38. Authenticate + Authorize WP REST API request before built-in WP JSON Schema Payload Validation?
  39. Adding Microsoft Teams Incoming Webhook to WordPress, Problem with Rest Route?
  40. WordPress REST API – Custom field not added to pages
  41. Issue with WordPress Plugin Activation Hook and Table Creation
  42. REST API Plugin Update call back not updating the plugin
  43. Application password header not checked in REST API
  44. Can external API content be added to Rest API in WordPress
  45. Custom rest fields not loaded in rest api cpt response
  46. How can I find the cause of a 500 server error?
  47. I can’t update my data through $wpdb
  48. wpdb Cannot Update column in Database
  49. Can’t upload CSV file to plugin directory using custom upload form in admin panel
  50. wordpress frontend editor to add extra css to website
  51. Custom route and query
  52. Can’t successfully check if post with title exist in database
  53. Cant connect to database with php 7.3
  54. how to Update 15k products on plugin activation with meta_option
  55. Lost in trying to create user database system
  56. Delete database record using plugin from admin panel
  57. Why does my settings form redirect to the homepage?
  58. Using admin-post.php for admin form but it directs me to admin-post.php white screen
  59. Filter by field with array value in ACF on WP REST API
  60. How to get image from url from the database?
  61. Hooks for post saving make a post-new.php to load latest post’s data
  62. REST API works in browser and via AJAX but fails via cURL
  63. Wpdb get->results to out the the month from the db
  64. Custom Registration username_exists / email_exists
  65. How can I search all plugins for composer’s vendor/autoload.php?
  66. WordPress WP_Query without query GET parameters
  67. Filter results from a serialized string to use on statistics
  68. Where to copy woocommerce files to in my custom theme to avoid editing the core plugin?
  69. How to add data to a custom field at the wp_users table?
  70. Creating custom page template from existing PHP site
  71. wordpress site – using custom database and PHP
  72. Action Hook Inside WordPress Plugin Shortcode
  73. How can I display Custom Post type Custom Columns and its Content in a Dashboard Widget?
  74. Comment “like” problem – “users who like this” avatar linking to current user profile instead of “liker’s” profile
  75. custom post type with role Vendor
  76. How to override a plugins script
  77. Get wp_current_user_id using PHP and MySQL
  78. Can I remove or edit an include() from a function with a filter?
  79. Call to undefined function error in plugin
  80. Adding Additional Variables on Menus Page
  81. WPDB – Read and write value from / to database
  82. Woocommerce custom Plugin in wordpress [closed]
  83. How to Generate a list of Most Commented post?
  84. custom plugin with upload files does not work
  85. Why when I create a new post I found 2 record related to this post into the posts database table?
  86. Adding data to custom wordpress database table
  87. Removed jQuery script from header.php , any problems?
  88. phpMyAdmin error #1062 – Duplicate entry ‘1’ for key ‘PRIMARY’
  89. Add row to custom database Table and delete all rows older than 1 day
  90. Execute Jquery when a specific page in my plugin is loading
  91. How can I get plugin meta data without knowing the plugin folder?
  92. Using flickr api in custom wordpress plugin
  93. Toolbar Hidden in a Virtual Page
  94. PHP: How to access db the right way in plugin?
  95. What is the difference between Null vs Empty (Zero Length) string?
  96. calling admin-ajax.php from admin-ajax.php
  97. Submit form to db
  98. Get category id when SEO URL is turned on
  99. How to display results from a data table with an encrypted user id?
  100. SQL error with custom query
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)