Architecture & Tech Stack

How are public IDs (Guid) used alongside numeric IDs?

Every entity has both a numeric Id and a GUID PublicId. The numeric id is the internal primary key and is efficient for relationships and indexing. The GUID is what gets exposed externally — in URLs, APIs, tokens, and references that leave the system — because GUIDs are not guessable or enumerable. If only sequential numeric ids were exposed, an attacker could increment through /order/1001, /order/1002 to probe other customers' records; with a non-sequential GUID that enumeration attack doesn't work. This dual-id pattern, applied uniformly via BaseEntity, gives both internal performance and external safety without extra effort per entity.
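An added C# sketch of the dual-id pattern described above, not the project's own code: only `BaseEntity`, `Id` and `PublicId` come from the page, while `Order`, `OrderDto`, `OrderService` and the in-memory store are hypothetical. It assumes `PublicId` is a random GUID from `Guid.NewGuid()`, and the ownership check on lookup is an assumption that goes beyond what the page states.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed demo data: two orders owned by different customers (7 and 8).
var svc = new OrderService();
var mine = svc.Add(customerId: 7, total: 19.99m);
var theirs = svc.Add(customerId: 8, total: 5.00m);
Console.WriteLine(svc.GetByPublicId(mine.PublicId.ToString(), 7));            // caller's own order
Console.WriteLine(svc.GetByPublicId("1002", 7) is null);                      // sequential numeric id as reference
Console.WriteLine(svc.GetByPublicId(theirs.PublicId.ToString(), 7) is null);  // valid GUID, different owner

public abstract class BaseEntity
{
    public long Id { get; set; }                           // internal primary key: joins and indexes only
    public Guid PublicId { get; init; } = Guid.NewGuid();  // random GUID: the only id that leaves the system
}

public sealed class Order : BaseEntity
{
    public long CustomerId { get; init; }  // relationships use the numeric key
    public decimal Total { get; init; }
}

public sealed record OrderDto(Guid Id, decimal Total);  // the numeric Id is never serialized

public sealed class OrderService
{
    private readonly List<Order> _orders = new();
    private long _nextId = 1001;  // sequential, like /order/1001 in the text

    public Order Add(long customerId, decimal total)
    {
        var order = new Order { Id = _nextId++, CustomerId = customerId, Total = total };
        _orders.Add(order);
        return order;
    }

    // Resolves an external reference such as /order/{publicId}.
    public OrderDto? GetByPublicId(string rawId, long callerCustomerId)
    {
        if (!Guid.TryParse(rawId, out var publicId)) return null;          // not a GUID: no lookup at all
        var order = _orders.SingleOrDefault(o => o.PublicId == publicId);
        if (order is null || order.CustomerId != callerCustomerId) return null;  // same answer for missing and not-owned
        return new OrderDto(order.PublicId, order.Total);
    }
}
```

Returning the same result for "not found" and "not yours" keeps the endpoint from confirming that a given GUID exists.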