A TL;DR; regarding exposing database keys — Use incrementing numbers for primary keys. Next to it, have a surrogate key that is a UUIDv4, and is generated on insert. The primary key increases performance for joins and internal workings in the database, while the surrogate key can be used externally to identify resources (users, payments, etc).
