Building a REST API for your web app exposes primary keys of DB records?

You are right, APIs should not expose internal data and structures, but if you depend on APIs not written by you, it will rarely be a good use of your time to develop a different API just feel better about this.

And even if you develop your own API it is going to be hard to use for example something instead of post ids without making the API response even slower. You can probably use some kind symetric “encryption” for that, but I assume 99.9% of the developers will not see the point (I am in the 0.1%, but the reality is that something like that is unlikely to add any significant security for most sites)

Related Posts:

  1. Store a default value for a transient on plugin activation
  2. Creating a post with the REST API, curl and oauth returning 401 error
  3. Does the REST API (official) support custom post types?
  4. wordpress custom endpoint multiple params
  5. Continue execution after WP REST API response
  6. Why is the post meta[] empty when I make a call to the wordpress rest api?
  7. WordPress Scheduled Event Request Blocking
  8. Accessing the database from a plugin outside of action hooks
  9. what is the best practice to add new field to an api route
  10. Woocommerce api: create product with images – bad request
  11. wp_remote_get() returns 403 while file_get_contents() does not
  12. Update results, Before deleting the related category [closed]
  13. Execute long and heavy processes
  14. PHP > Scheduled Tasks > Sending daily email with dynamic API variables
  15. wpdb prepare insert table doesn’t work
  16. How to set a template with wp_insert_post
  17. Is it possible to create new user from external form using REST API?
  18. Cant register rest routs from class instance
  19. Validate and Sanitize WP REST API Request using WP JSON Schema?
  20. Set default Database Storage Engine when creating tables with plugins?
  21. How to clone all WordPress Rest API end points
  22. How do I make this Metabox show current DB value?
  23. select a single val though a table in wordpress
  24. no_rest_route error on custom routes
  25. Flatten Responses returned via WP REST API via WP_Error for obfuscation
  26. How do i post data to url with fields?
  27. wp_update_post gives 500 internal error
  28. code that I can run, or a plug in to show what sql tables something pulls information from
  29. Looping through and combining calls to Woocommerce REST API
  30. get Woocommerce product format json for WP_Query
  31. How to edit the default database of WordPress [closed]
  32. base64_encode conflict with convert_smilies in wordpress
  33. Properly process a custom WP REST API request (Authenticate, Authorize + Validate)?
  34. How to pass and validate nonce in custom REST routes
  35. Create custom table for wordpress custom registration flow
  36. Query posts by custom taxonomy slug in WP REST API?
  37. oneOf JSON Schema validation not properly working for custom post meta value?
  38. Authenticate + Authorize WP REST API request before built-in WP JSON Schema Payload Validation?
  39. Adding Microsoft Teams Incoming Webhook to WordPress, Problem with Rest Route?
  40. WordPress REST API – Custom field not added to pages
  41. Should I use spl_autoload_register() in my plugin?
  42. Using register_activation_hook in classes
  43. Is there a way for a plugin to add an attribute to the tag of a theme?
  44. How Do I Add User Custom Field to REST API Response?
  45. Why WordPress uses 4 tables to manage terms
  46. My shortcode is showing up twice
  47. Database “Migration” for Plugins?
  48. No wp-config.php file on local install of wordpress – site still displays
  49. How to find the output of contact form 7 shortcode? [closed]
  50. using woocommerce_template_single_add_to_cart in shop-loop – javascript issues [closed]
  51. Does wp-cron runs all tasks scheduled at same time together or one after other?
  52. Will simple function names in a class structure conflict with other plugins?
  53. WP nonce invalid
  54. How can i upload images in an admin page?
  55. Create WP_Query to search for posts by their categories or their parent/child categories
  56. Retrieve $_POST data submitted from external URL in WordPress(NOT API)
  57. Reprinting tags with all attributes
  58. database sent to a JSON file
  59. Filtering a Database Query
  60. JSON REST API WordPress only showing first 10 categories
  61. Blob file download problem
  62. Hook called before text widget save
  63. Integrating boxtal PHP library into a custom WordPress Plugin
  64. Lost in trying to create user database system
  65. Hooks for post saving make a post-new.php to load latest post’s data
  66. Add row to custom database Table and delete all rows older than 1 day
  67. Using flickr api in custom wordpress plugin
  68. Toolbar Hidden in a Virtual Page
  69. PHP: $_SESSION destroyed after page reload for my custom session
  70. Custom Endpoint – Does it possible to use PUT method with WP API Rest?
  71. Payment field disappears on custom Paypal plugin
  72. Creating a brand attribute as a variable
  73. Adding image upload in tag section – WordPress plugin development
  74. How to Remove Theme Style CSS inside Custom Plugin?
  75. How to Send Pingbacks for all Posts in WordPress?
  76. I am having errors with checkout on wordpress
  77. Error establishing a database connection (configuration)
  78. How can I update the price when someone enters postcode or zip code in woocommerce checkout page?
  79. Update user meta when an external link in admin notice is clicked
  80. Is there an option to execute javascript file only on plugin activation
  81. How do I remove an action hook inside a class that is called by another class?
  82. Ajax in a class instantiated via shortcode
  83. Parsing webhook from Shopify in WordPress
  84. Multisite and the JSON REST API: How to?
  85. Shortcode Works for Logged in Users but Not Working for Guest
  86. Submit to itself don’t work
  87. WordPress / PhpStorm / XDebug and plugin_dir_path issues
  88. direct query to post_meta table
  89. special characters not supporting in wordpress
  90. How to set max users to 17.000
  91. See output of a sql query while plugin installation in wordpress
  92. Why this plugin is not working?
  93. Permission error on plugin save
  94. How to execute add_action() function from custom plugin to Crontrol plugin or do_action()?
  95. Implement OAuth2 in custom plugin
  96. login redirect based on user role not work as expected
  97. redirect user from login page if is logged
  98. How to lock users account until approvation
  99. Variable ++ in query loop
  100. External api call using wordpress