Can one send data securely to a REST API endpoint

Say I have an endpoint to create a username:

  • https://example.com/api/create_user/foo/1234/ or
  • https://example.com/api/create_user/?name=foo&token=1234

Where username = foo and the api token is 1234:

Surely since foo and 1234 is encoded in the URL, it is public? My research says TLS encryption only encypts the body because the DNS servers need to know where to route the request.

QUESTION: Does this mean it is not secure to post data to a REST API endpoint?

Disclaimer, I guess one could encrypt the data first before putting it in the URL, e.g.:

  • Encrypt the name foo -> FF8811A
  • Encrypt the token -> AABBCCDDEEFF1122

And then request https://example.com/api/set_username/FF8811A/AABBCCDDEEFF1122/, and then the server decrypts the parameters.