Using a mapped ID helps because users cannot control the entire ID used to reference the resource. For example, if the user can only read files they have uploaded, the application can let users access files via an URL: example.com/uploads?id=3. But on the backend, the user’s session info is added to the id: username-uploads-3. Instead of using a direct reference in the URL example.com/uploads?id=username-uploads-3, which allows users to read others’ files: example.com/uploads?id=username2-uploads-3.