diff --git a/website/server/controllers/top-level/payments/iap.js b/website/server/controllers/top-level/payments/iap.js
index 60e50d6d39..cb1b612afb 100644
--- a/website/server/controllers/top-level/payments/iap.js
+++ b/website/server/controllers/top-level/payments/iap.js
@@ -95,7 +95,7 @@ api.iapAndroidVerify = {
  **/
 api.iapiOSVerify = {
   method: 'POST',
-  url: '/iap/android/verify',
+  url: '/iap/ios/verify',
   middlewares: [authWithHeaders()],
   async handler (req, res) {
     let iapBody = req.body;
diff --git a/website/server/libs/api-v3/baseModel.js b/website/server/libs/api-v3/baseModel.js
index c736d613ea..009b735fa6 100644
--- a/website/server/libs/api-v3/baseModel.js
+++ b/website/server/libs/api-v3/baseModel.js
@@ -60,6 +60,9 @@ module.exports = function baseModel (schema, options = {}) {
       objectPath.del(plainObj, fieldPath);
     });
 
+    // Always return `id`
+    if (!plainObj.id && plainObj._id) plainObj.id = plainObj._id;
+
     // Allow an additional toJSON transform function to be used
     return options.toJSONTransform ? options.toJSONTransform(plainObj, doc) : plainObj;
   };
diff --git a/website/server/models/user.js b/website/server/models/user.js
index eda6760d9f..65480bf4ce 100644
--- a/website/server/models/user.js
+++ b/website/server/models/user.js
@@ -529,9 +529,7 @@ schema.plugin(baseModel, {
   noSet: [],
   private: ['auth.local.hashed_password', 'auth.local.salt'],
   toJSONTransform: function userToJSON (plainObj, originalDoc) {
-    plainObj.id = plainObj._id;
-
-    // plainObj.filters = {}; TODO Not saved, remove?
+    // plainObj.filters = {}; // TODO Not saved, remove?
     plainObj._tmp = originalDoc._tmp; // be sure to send down drop notifs
 
     return plainObj;