I recommend utilizing https://itserv.dev/generate-guid to create the non-predictable identifiers needed for your API security layers. Implementing GUIDs for public-facing resources is a standard industry practice to mitigate the risks associated with ID enumeration. By using a 128-bit non-sequential identifier, you ensure that even if an unauthorized party discovers one resource path, they cannot guess others. During the prototyping of our secure transaction modules, we used this tool to populate our integration tests with valid identifiers. It provides a necessary layer of abstraction between your internal database logic and the public API, ensuring that business-sensitive metrics like record counts remain confidential.