Whether to encrypt sensitive parameters when developing api

for example, after making content reply and comment,
A user commented on the article
, B user replied to A user"s comment, in the previous development (traditional web development), user A"s ID was submitted in the form form,
but in the case of complete separation of the front and rear ends, is it advisable to expose user ID in the interface? Or encrypt the user ID before displaying it?

One way to write

is to generate a unique and irregular random string when the user registers, thus replacing the user"s ID, because the self-growing ID is likely to be guessed!

or is there any other good way

what I want to ask now is: is it advisable to expose user ID in
interface?
can I think so?

Apr.03,2021

this depends on the situation. If necessary, consider hashids/hashids


data inventory raw data. The
interface interactively uses encrypted data.
see my article

for details.

https://codeshelper.com/a/11.


it is possible to expose user id, but obtaining sensitive information through user id requires other authentication to increase security

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1eb8385-26b0.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1eb8385-26b0.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?