diff --git a/api/api.go b/api/api.go
index b7d8b74d..907d599e 100644
--- a/api/api.go
+++ b/api/api.go
@@ -63,7 +63,7 @@ func StartInternal(config APIConfig) {
 }
 
 func baseMiddleware(logger *zerolog.Logger, e *echo.Echo) {
-	e.Use(libmiddleware.Tracer())
+	e.Use(libmiddleware.Tracer("string-api"))
 	e.Use(libmiddleware.CORS())
 	e.Use(libmiddleware.RequestId())
 	e.Use(libmiddleware.Recover())
diff --git a/api/handler/card.go b/api/handler/card.go
index fcfaa12e..befc5448 100644
--- a/api/handler/card.go
+++ b/api/handler/card.go
@@ -36,6 +36,11 @@ func (card card) GetAll(c echo.Context) error {
 		return httperror.InternalError(c, "missing or invalid platformId")
 	}
 
+	err := libcommon.SanitizeIdInput(&struct{ UserId, PlatformId string }{userId, platformId}, &userId, &platformId)
+	if err != nil {
+		return httperror.BadRequestError(c, err.Error())
+	}
+
 	res, err := card.Service.FetchSavedCards(ctx, userId, platformId)
 	if err != nil {
 		libcommon.LogStringError(c, err, "cards: get All")
diff --git a/api/handler/login.go b/api/handler/login.go
index 8f2b3481..6a5b0ae2 100644
--- a/api/handler/login.go
+++ b/api/handler/login.go
@@ -62,6 +62,11 @@ func (l login) VerifySignature(c echo.Context) error {
 		return httperror.InternalError(c, "missing or invalid platformId")
 	}
 
+	err := libcommon.SanitizeIdInput(&struct{ PlatformId string }{platformId}, &platformId)
+	if err != nil {
+		return httperror.BadRequestError(c, err.Error())
+	}
+
 	strBypassDevice := c.QueryParam("bypassDevice")
 	bypassDevice := strBypassDevice == "true" // convert to bool. default is false
 
@@ -117,6 +122,11 @@ func (l login) VerifySignature(c echo.Context) error {
 		return httperror.InternalError(c)
 	}
 
+	err = libcommon.SanitizeIdOutput(&resp.User)
+	if err != nil {
+		libcommon.LogStringError(c, err, "RefreshToken: unable to sanitize id output")
+		return httperror.InternalError(c)
+	}
 	return c.JSON(http.StatusOK, resp)
 }
 
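Review bot: The new 400 path in GetAll hands `err.Error()` from `libcommon.SanitizeIdInput` straight to the client, so whatever text that library error carries (possibly an echo of the rejected id) becomes part of the response body; the same pattern is repeated in the login.go, transact.go and user.go hunks. The surrounding handlers already use a fixed, non-reflective message (`"missing or invalid platformId"`), and the sanitizer's detail is more useful in the server log, e.g. `libcommon.LogStringError(c, err, "cards: sanitize id input")` followed by `return httperror.BadRequestError(c, "missing or invalid userId or platformId")`. Whether the error string actually contains the input depends on go-lib v1.7.0, which is not visible here, so check that before deciding. GetAll begins and ends outside the hunk.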
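Review bot: The log label in the new SanitizeIdOutput branch reads `"RefreshToken: unable to sanitize id output"`, but this hunk is inside VerifySignature (see the hunk header), so a failure here would be attributed to the wrong handler when triaging logs. Change it to `libcommon.LogStringError(c, err, "VerifySignature: unable to sanitize id output")` so the label matches the function, as the RefreshToken hunk already does for its own function. VerifySignature begins outside the hunk.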
@@ -127,8 +137,13 @@ func (l login) RefreshToken(c echo.Context) error {
 		return httperror.InternalError(c, "missing or invalid platformId")
 	}
 
+	err := libcommon.SanitizeIdInput(&struct{ PlatformId string }{platformId}, &platformId)
+	if err != nil {
+		return httperror.BadRequestError(c, err.Error())
+	}
+
 	var body model.RefreshTokenPayload
-	err := c.Bind(&body)
+	err = c.Bind(&body)
 	if err != nil {
 		libcommon.LogStringError(c, err, "login: binding body")
 		return httperror.BadRequestError(c)
@@ -164,6 +179,11 @@ func (l login) RefreshToken(c echo.Context) error {
 		return httperror.InternalError(c)
 	}
 
+	err = libcommon.SanitizeIdOutput(&resp.User)
+	if err != nil {
+		libcommon.LogStringError(c, err, "RefreshToken: unable to sanitize id output")
+		return httperror.InternalError(c)
+	}
 	return c.JSON(http.StatusOK, resp)
 }
 
diff --git a/api/handler/quotes.go b/api/handler/quotes.go
index f6e9162c..71545ee3 100644
--- a/api/handler/quotes.go
+++ b/api/handler/quotes.go
@@ -52,6 +52,10 @@ func (q quote) Quote(c echo.Context) error {
 	if !ok {
 		return httperror.InternalError(c, "missing or invalid platformId")
 	}
+	err = libcommon.SanitizeIdInput(&struct{ PlatformId string }{platformId}, &platformId)
+	if err != nil {
+		return httperror.InternalError(c, "Failed to sanitize platform id")
+	}
 
 	res, err := q.Service.Quote(ctx, body, platformId)
 	if err != nil {
diff --git a/api/handler/transact.go b/api/handler/transact.go
index b3363e3a..b110d200 100644
--- a/api/handler/transact.go
+++ b/api/handler/transact.go
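Review bot: A failed SanitizeIdInput on the client-supplied platformId is reported as an internal error in Quote, while every other handler in this commit (card.go, login.go, transact.go, user.go) returns a 400 via `httperror.BadRequestError`; a client sending a malformed id would get a 500 from this endpoint and a 400 elsewhere, and the event would be counted as a server fault in error-rate monitoring. Use `return httperror.BadRequestError(c, "missing or invalid platformId")` for consistency with the check immediately above it. The capitalised message `"Failed to sanitize platform id"` also differs from the lowercase style of the neighbouring messages. Quote begins and ends outside the hunk.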
@@ -42,9 +42,14 @@ func (t transaction) Transact(c echo.Context) error {
 		return httperror.InternalError(c, "missing or invalid platformId")
 	}
 
+	err := libcommon.SanitizeIdInput(&struct{ UserId, DeviceId, PlatformId string }{userId, deviceId, platformId}, &userId, &deviceId, &platformId)
+	if err != nil {
+		return httperror.BadRequestError(c, err.Error())
+	}
+
 
 	var body model.ExecutionRequest
-	err := c.Bind(&body)
+	err = c.Bind(&body)
 	if err != nil {
 		libcommon.LogStringError(c, err, "transact: execute bind")
 		return httperror.BadRequestError(c)
diff --git a/api/handler/user.go b/api/handler/user.go
index b40c00d8..0daa00ff 100644
--- a/api/handler/user.go
+++ b/api/handler/user.go
@@ -43,9 +43,14 @@ func (u user) Create(c echo.Context) error {
 		return httperror.InternalError(c, "missing or invalid platformId")
 	}
 
+	err := libcommon.SanitizeIdInput(&struct{ PlatformId string }{platformId}, &platformId)
+	if err != nil {
+		return httperror.BadRequestError(c, err.Error())
+	}
+
 	ctx := c.Request().Context()
 	var body model.WalletSignaturePayloadSigned
-	err := c.Bind(&body)
+	err = c.Bind(&body)
 	if err != nil {
 		libcommon.LogStringError(c, err, "user:create user bind")
 		return httperror.BadRequestError(c)
@@ -88,6 +93,11 @@ func (u user) Create(c echo.Context) error {
 		return httperror.InternalError(c)
 	}
 
+	err = libcommon.SanitizeIdOutput(&resp.User)
+	if err != nil {
+		libcommon.LogStringError(c, err, "user: unable to sanitize id output")
+		return httperror.InternalError(c)
+	}
 	return c.JSON(http.StatusOK, resp)
 }
 
@@ -98,6 +108,10 @@ func (u user) Status(c echo.Context) error {
 		return httperror.Unauthorized(c)
 	}
 
+	err := libcommon.SanitizeIdInput(&struct{ UserId string }{userId}, &userId)
+	if err != nil {
+		return httperror.BadRequestError(c, err.Error())
+	}
 	status, err := u.userService.GetStatus(ctx, userId)
 	if err != nil {
 		libcommon.LogStringError(c, err, "user: get status")
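Review bot: The new SanitizeIdInput call in Transact couples the anonymous struct's field order (`UserId, DeviceId, PlatformId`) to the order of the trailing pointer arguments with nothing the compiler can check, and this is the widest such call in the commit; if the two orders ever drift, the wrong value would presumably be sanitized or written back without any error surfacing. If go-lib v1.7.0 offers a variant that takes the ids by name (not visible here), preferring it would remove the positional coupling; otherwise a short comment such as `// field order must match the pointer order below` on the call would at least warn the next editor. Transact begins and ends outside the hunk.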
@@ -123,12 +137,22 @@ func (u user) Update(c echo.Context) error {
 
 	_, userId := validUserId(IdParam(c), c)
 
+	err = libcommon.SanitizeIdInput(&struct{ UserId string }{userId}, &userId)
+	if err != nil {
+		return httperror.BadRequestError(c, err.Error())
+	}
+
 	user, err := u.userService.Update(ctx, userId, body)
 	if err != nil {
 		libcommon.LogStringError(c, err, "user: update")
 		return httperror.InternalError(c)
 	}
 
+	err = libcommon.SanitizeIdOutput(&user)
+	if err != nil {
+		libcommon.LogStringError(c, err, "user: failed to sanitize id output")
+		return httperror.InternalError(c)
+	}
 	return c.JSON(http.StatusOK, user)
 }
 
@@ -152,7 +176,12 @@ func (u user) VerifyEmail(c echo.Context) error {
 		return httperror.BadRequestError(c, "Invalid email")
 	}
 
-	err := u.verificationService.SendEmailVerification(ctx, platformId, userId, email)
+	err := libcommon.SanitizeIdInput(&struct{ UserId, PlatformId string }{userId, platformId}, &userId, &platformId)
+	if err != nil {
+		return httperror.BadRequestError(c, err.Error())
+	}
+
+	err = u.verificationService.SendEmailVerification(ctx, platformId, userId, email)
 	if err != nil {
 		libcommon.LogStringError(c, err, "user: email verification")
 
@@ -178,9 +207,14 @@ func (u user) PreValidateEmail(c echo.Context) error {
 		return httperror.InternalError(c, "missing or invalid platformId")
 	}
 
+	err := libcommon.SanitizeIdInput(&struct{ UserId, PlatformId string }{userId, platformId}, &userId, &platformId)
+	if err != nil {
+		return httperror.BadRequestError(c, err.Error())
+	}
+
 	// Get email from body
 	var body model.PreValidateEmail
-	err := c.Bind(&body)
+	err = c.Bind(&body)
 	if err != nil {
 		libcommon.LogStringError(c, err, "user: pre validate email bind")
 		return httperror.BadRequestError(c)
diff --git a/go.mod b/go.mod
index e0e07320..91e41731 100644
--- a/go.mod
+++ b/go.mod
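Review bot: The new SanitizeIdInput in Update runs on a userId whose validity result is discarded on the line just above it (`_, userId := validUserId(IdParam(c), c)`), so unlike Create, Status and PreValidateEmail there is no `missing or invalid` early return ahead of the sanitizer, and it is left to reject an empty or malformed id on its own, if it does so at all. Since this commit is the one making id handling explicit, keeping the flag here would be consistent, e.g. `ok, userId := validUserId(IdParam(c), c)` followed by `if !ok { return httperror.BadRequestError(c, "missing or invalid userId") }` (assuming the first return value is the validity flag, as its use in the sibling handlers suggests). Whether validUserId already writes an error response itself is not visible from the hunk, so confirm that before adding a second one. Update begins outside the hunk.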
@@ -4,7 +4,7 @@ go 1.19
 
 require (
 	github.com/DATA-DOG/go-sqlmock v1.5.0
-	github.com/String-xyz/go-lib v1.6.0
+	github.com/String-xyz/go-lib v1.7.0
 	github.com/aws/aws-sdk-go v1.44.168
 	github.com/aws/aws-sdk-go-v2/config v1.18.7
 	github.com/aws/aws-sdk-go-v2/service/ssm v1.33.4
diff --git a/go.sum b/go.sum
index 422d95c3..e77d14e3 100644
--- a/go.sum
+++ b/go.sum
@@ -26,8 +26,8 @@ github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpz
 github.com/Shopify/goreferrer v0.0.0-20181106222321-ec9c9a553398/go.mod h1:a1uqRtAwp2Xwc6WNPJEufxJ7fx3npB4UV/JOLmbu5I0=
 github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6 h1:fLjPD/aNc3UIOA6tDi6QXUemppXK3P9BI7mr2hd6gx8=
 github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg=
-github.com/String-xyz/go-lib v1.6.0 h1:Wf6wX0wpKbg620RAfSMnp8mHLFc/GHq7Ru1/JNfm+RE=
-github.com/String-xyz/go-lib v1.6.0/go.mod h1:TFAJPYo6YXvk3A1p1WkFuoN5k1wGHbRTxuOg9KLjpUI=
+github.com/String-xyz/go-lib v1.7.0 h1:dDJpeqLDK0BBP6Db+upPwySmcxcmvOlnxb+PXFBHzfM=
+github.com/String-xyz/go-lib v1.7.0/go.mod h1:TFAJPYo6YXvk3A1p1WkFuoN5k1wGHbRTxuOg9KLjpUI=
 github.com/VictoriaMetrics/fastcache v1.6.0 h1:C/3Oi3EiBCqufydp1neRZkqcwmEiuRT9c3fqvvgKm5o=
 github.com/VictoriaMetrics/fastcache v1.6.0/go.mod h1:0qHz5QP0GMX4pfmMA/zt5RgfNuXJrTP0zS7DqpHGGTw=
 github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY=