> create pointless complexity
My exact thought.
A lot else has failed in your system, from access control to API design, if this becomes a problem. Security by obscurity isn’t the answer.
If the only thing between an attacker and your DB is that they can’t guess the IDs, you’re already in some serious trouble.