I did udacity course ud859 on google endpoints framework (Java). For accessing data in cloud datastore I used Objectify. Entity classes were defined in the following way
@Entity
public class Profile{
@Id
Long id;
}
This "id" attribute is used to identify each profile uniquely and is assigned in a random fashion using ObjectifyFactory instance.
So to access profile data one can form an endpoint "/profile/{id}"
Also this id can be used to make a key using Key.create(Profile.class,id); This method returns an instance of type Key<Profile>. One of its method key.getString() returns a websafestring representing that profile object.
The convention that is taught is to use websafestring for accessing and sharing data of Object over web.
I want to understand how is websafestring safe over web and what are the demerits of using the normally used URL type "/profile/{id}"
The websafe string encodes the entire ancestry of a Key which is required to look up an entity. A simple use case may define an ID as Key(MyKind, 1234L). Now if your entity has a parent of MyParentKind defined, then it's full key might be more like Key(MyKind, 1234L, MyParentKind, 5678L). A lookup in the ancestry case requires both the ID of the entity as well as the kind + id pairs for all ancestry. The websafe key encodes all of this information into a single string.