I've been caught by this myself. If you design a REST API with URL parameters, you'll eventually reach the maximum size of an address in the browser. If you don't cap these parameters, the user might end up with an invalid request.