Best solution from a security perspective is and will always be to have a working authentication layer. Obsfuscating (by using UUIDs instead of IDs) will never be a replacement to that. Attackers can adquire the identifier in any other API endpoint that you have exposed.
If you have a working authentication layer, you definitively should not pay the performance costs of using UUIDs for the sake of obsfuscation.
If you're worried that in the future, your authentication layer may break because of human mistakes, you should create integration tests to ensure that the issue is detected before it reaches production.
Putting security aside, sometimes you do have to use UUIDs for different reasons, like uniqueness across different systems. Here is where tactics like mapping UUIDs to integer help.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Best solution from a security perspective is and will always be to have a working authentication layer. Obsfuscating (by using UUIDs instead of IDs) will never be a replacement to that. Attackers can adquire the identifier in any other API endpoint that you have exposed.
If you have a working authentication layer, you definitively should not pay the performance costs of using UUIDs for the sake of obsfuscation.
If you're worried that in the future, your authentication layer may break because of human mistakes, you should create integration tests to ensure that the issue is detected before it reaches production.
Putting security aside, sometimes you do have to use UUIDs for different reasons, like uniqueness across different systems. Here is where tactics like mapping UUIDs to integer help.