I believe in the same conclusion as Maksym, however i would just like to point out, that you should use uuid's insted of simple id's as this opens door to a possible attack called "IDOR" or else known as "Insecure Direct Object Reference"