When doing some REST API calls, some of the internal field attribute codes in URL may become available to be seen. Is this a vulnerability? 

Any Supported Clarity Release 

• This is by design. 
• There are no plans to make any changes to how those are displayed
• The names and labels of Clarity attributes are considered to be metadata and not sensitive data. 
• Most of the Clarity requests where the attribute codes can be seen are only available with users permissions, such as API -Access
  • We recommend making sure this permission is granted accordingly only to users who are supposed to have it
• If any of the attribute names are something you consider sensitive, we recommend using more generic custom attribute names instead
  • User-defined / or custom attributes created through Studio are controlled by your administrator and they can ensure the attribute label and attribute id and attribute API are defined in a generic manager as to not expose sensitive information