Implementing Non-Sequential Identifiers for API Security
Posted by Elizabethrose on April 15, 2026, 3:13 pm
I am reviewing our API security protocols, specifically how we expose resource identifiers in our RESTful endpoints. Currently, we use sequential IDs which, while efficient for indexing, expose us to insecure direct object reference (IDOR) vulnerabilities if the authorization logic has any gaps. Furthermore, it allows competitors to estimate our total volume of transactions by observing the ID increments. I am considering a transition to GUIDs to ensure that all public-facing identifiers are non-sequential and non-predictable. Has anyone implemented this specifically for financial or sensitive data systems?