Building a REST API for your web app exposes primary keys of DB records?

You are right, APIs should not expose internal data and structures, but if you depend on APIs not written by you, it will rarely be a good use of your time to develop a different API just feel better about this.

And even if you develop your own API it is going to be hard to use for example something instead of post ids without making the API response even slower. You can probably use some kind symetric “encryption” for that, but I assume 99.9% of the developers will not see the point (I am in the 0.1%, but the reality is that something like that is unlikely to add any significant security for most sites)

Related Posts:

  1. Store a default value for a transient on plugin activation
  2. Creating a post with the REST API, curl and oauth returning 401 error
  3. Does the REST API (official) support custom post types?
  4. wordpress custom endpoint multiple params
  5. Continue execution after WP REST API response
  6. Why is the post meta[] empty when I make a call to the wordpress rest api?
  7. WordPress Scheduled Event Request Blocking
  8. Accessing the database from a plugin outside of action hooks
  9. what is the best practice to add new field to an api route
  10. Woocommerce api: create product with images – bad request
  11. wp_remote_get() returns 403 while file_get_contents() does not
  12. Update results, Before deleting the related category [closed]
  13. Execute long and heavy processes
  14. PHP > Scheduled Tasks > Sending daily email with dynamic API variables
  15. wpdb prepare insert table doesn’t work
  16. How to set a template with wp_insert_post
  17. Is it possible to create new user from external form using REST API?
  18. Cant register rest routs from class instance
  19. Validate and Sanitize WP REST API Request using WP JSON Schema?
  20. Set default Database Storage Engine when creating tables with plugins?
  21. How to clone all WordPress Rest API end points
  22. How do I make this Metabox show current DB value?
  23. select a single val though a table in wordpress
  24. no_rest_route error on custom routes
  25. Flatten Responses returned via WP REST API via WP_Error for obfuscation
  26. How do i post data to url with fields?
  27. wp_update_post gives 500 internal error
  28. code that I can run, or a plug in to show what sql tables something pulls information from
  29. Looping through and combining calls to Woocommerce REST API
  30. get Woocommerce product format json for WP_Query
  31. How to edit the default database of WordPress [closed]
  32. base64_encode conflict with convert_smilies in wordpress
  33. Properly process a custom WP REST API request (Authenticate, Authorize + Validate)?
  34. How to pass and validate nonce in custom REST routes
  35. Create custom table for wordpress custom registration flow
  36. Query posts by custom taxonomy slug in WP REST API?
  37. oneOf JSON Schema validation not properly working for custom post meta value?
  38. Authenticate + Authorize WP REST API request before built-in WP JSON Schema Payload Validation?
  39. Adding Microsoft Teams Incoming Webhook to WordPress, Problem with Rest Route?
  40. WordPress REST API – Custom field not added to pages
  41. Issue with WordPress Plugin Activation Hook and Table Creation
  42. REST API Plugin Update call back not updating the plugin
  43. Custom rest fields not loaded in rest api cpt response
  44. How to use update and delete query in wordpress
  45. Unrendered content Cornerstone through REST API
  46. add_meta_boxes action with refresh on save
  47. Refresh page after update_post_meta
  48. Would manually deleting the dumping data fix a “#1062 – Duplicate entry ‘1’ for key ‘PRIMARY'” phpMyAdmin error?
  49. WP database error for comments_popup_link()
  50. How to create Sub Sub domain Multi User blogs?
  51. Store and Work with huge array in WP [closed]
  52. Adding Custom Forms
  53. Custom filter in admin edit custom post type responding with invalid post type?
  54. How to access global variable $menu inside a class function
  55. Custom user login page by creating a plugin
  56. Singelton class does not work, multiple initialization on page reload
  57. How to upload a file to a folder named after the user_id via plugin
  58. Whitelisting items from custom options page
  59. Add_menu_page not displaying the menu in class based plugin
  60. adjust section according to country?
  61. Filtering a Database Query
  62. JSON REST API WordPress only showing first 10 categories
  63. Blob file download problem
  64. Hook called before text widget save
  65. Integrating boxtal PHP library into a custom WordPress Plugin
  66. Lost in trying to create user database system
  67. Hooks for post saving make a post-new.php to load latest post’s data
  68. Add row to custom database Table and delete all rows older than 1 day
  69. Using flickr api in custom wordpress plugin
  70. PHP: $_SESSION destroyed after page reload for my custom session
  71. Custom Endpoint – Does it possible to use PUT method with WP API Rest?
  72. Payment field disappears on custom Paypal plugin
  73. Creating a brand attribute as a variable
  74. Adding image upload in tag section – WordPress plugin development
  75. I am having errors with checkout on wordpress
  76. Error establishing a database connection (configuration)
  77. How can I update the price when someone enters postcode or zip code in woocommerce checkout page?
  78. Update user meta when an external link in admin notice is clicked
  79. Is there an option to execute javascript file only on plugin activation
  80. How do I remove an action hook inside a class that is called by another class?
  81. Ajax in a class instantiated via shortcode
  82. Multisite and the JSON REST API: How to?
  83. Shortcode Works for Logged in Users but Not Working for Guest
  84. Submit to itself don’t work
  85. WordPress / PhpStorm / XDebug and plugin_dir_path issues
  86. direct query to post_meta table
  87. special characters not supporting in wordpress
  88. How to set max users to 17.000
  89. Why this plugin is not working?
  90. Permission error on plugin save
  91. How to execute add_action() function from custom plugin to Crontrol plugin or do_action()?
  92. Implement OAuth2 in custom plugin
  93. login redirect based on user role not work as expected
  94. redirect user from login page if is logged
  95. How to lock users account until approvation
  96. Variable ++ in query loop
  97. External api call using wordpress
  98. Cannot register a custom WP-CLI command
  99. Display endpoint’s return into a file (file_put_contents())
  100. How can I catch WordPress custom settings page slug has already changed?