Expose database auto-incrementing ids via APIs or web pages

Question

I was of the opinion that NOT exposing auto-incrementing DB ids (accounts, products etc.) was the better way. We could maybe use UUIDs & expose those via the APIs or web pages.

But I checked that many major companies don't seem to care:

• Google, Amazon, Facebook, Twitter (all seem to have numeric auto-incrementing account ids)
• Macys & Ebay show product ids(or web ids) which are auto-incrementing ids

One case where Amazon does seem to care:

• Amazon does use ASIN numbers for its product catalog (which supposedly internally link to their numeric auto-incrementing DB product ids.)

So, in using UUIDs are we trying to solve a problem that does not exist ? Just not worth the time & effort ?

Answer 1

Concerning the use of auto-incrementing ids for account table, here are some reasons why its a bad idea:

1. Sequence numbers expose to the public the number of records in a table and growth rate of the table if sampled over a period of time.
2. If the api has poor security, one could scrape all the records in the database by simply incrementing the id and making api calls until all the data is retrieved.

3. when using auto-incrementing ids and inserting multiple related entities, you need to make multiple calls to the database in order to insert the entities in the database. If using UUIDs, you can construct the whole set of objects without need to interact with the database. For instance with an order header and order line items, you need to insert the order header, get the primary id, and then insert the order line items with the order header id.

4. When migrating data from dev to staging or staging to live, inserting new data can be challenging if using auto-increment id's and foreign keys, etc.