The API Churn/Security Trade-Off (2016)

TLDR: Heavy client-side logic requires a trade off between API churn or an increasingly complex security model The Problem A recent article by Jean-Jacques Dubray, Why I No Longer Use MVC Frameworks sparked a long and interesting discussion on HackerNews which crystallized a fundamental problem I see with the current trend towards heavy client-side logic in web applications. Here is the start from that article, where Jean-Jacques lays out the problem: The worst part of my job these days is designing APIs for front-end developers. The conversation goes inevitably as: Dev – “So, this screen has data element x,y,z… could you please create an API with the response format {x: , y:, z: }” Me – “Ok” I don’t even argue anymore. Projects end up with a gazillion APIs tied to screens that change often, which, by “design” require changes in the API and before you know it, you end up with lots of APIs and for each API many form factors and platform variants. To summarize: if you are d ... Read full article.