It would be nice if we developers could access the user id to identify the user instead of the username which can be changed by the user. I read that the the user_id is inaccessible because of security reasons.
Lets suppose a user starts to use your product to connect to Pinterest and you decide to identify the user by username. If the user's access and refresh tokens expire and the user updates their username before reconnecting to your product, there is no way to make sure the user is the same as the one who already connected before.
A solution to this could be to provide a hashed id which is created with the help of the user id and the application id.
What do you think about it?
Hi @csababrandwatch, welcome to the PBC!
As you probably have heard, the lack of a unique ID is part of the general direction of increasing the privacy of online services. As are many people in the industry, we're actively thinking about this area.
The best way to participate in this process would be to provide information about your use case on this feedback form. This kind of input helps us understand the interaction of privacy and developer productivity, and may help us improve our API.
Thank you for your response. We need a unique ID for one and only one reason: to identify our customers Pinterest account when they reconnect to our services. After the refresh token expires we need a way to verify that the account which the user is trying to connect is the same we have stored previously in our system. The official documentation mentions we should use the user name. But we can not use that, because it can be changed between the expiration and the reconnection. We though about using the boards, But there can be edge cases where the user removes all their boards and creating new ones before reconnecting.
We need an endpoint which returns an id, a hash, a key or an identifier. And this endpoint returns the same value regardless of the username or the boards.