Should private REST endpoints reveal the parameter names in error messages?

The question I have is about whether parameter name(s) be exposed in an error message.

For example, let's say that the public endpoint is https://foo.bar.com/api/results?first=abcd. It's code is supposed to check that the parameter name specified by the user is correct and if it is misspelled, an error should be generated informing the user.

Questions:

Should the error message contain the name of the parameter (first)?
What if the endpoint were private? Should the error message contain the name of the parameter?
In short, should private endpoints reveal the parameter names?

Solution

Neither REST nor HTTP care. REST says we should use a uniform interface and standardized messages. HTTP defines standardized responses, and says that responses with Client Error semantics should include

a representation containing an explanation of the error situation, and whether it is a temporary or permanent condition.

It's up to you to decide what explanation of the error situation will be useful, and how it should be represented in the HTTP response.