Aside from security issues it presents, it’s just a really bad idea to tightly couple your data model to your API like that.

Any change to your DB schema is liable to become a breaking change on your API. If you need separate types for your requests and responses so be it.