Another question that I have is if it's safe to expose a user's uuid? A scenario would be if I wanted to visit a user's profile. The url could be something.com/12312-3oidhasid-139uUAHD

Hey Kenny, It should be fine in most cases, depending on your exact setup. If you have sensitive user data, your server should be handling authentication for any data access. The UUID on its own is not usually considered sensitive.

Okay, thanks for clarifying