Yes! Too many developers see web APIs as another interface between areas of the code little different to a function call or an object.
A Web API doesn't support the front-end, it is the front-end (at least when it comes to security and logical control).
We must assume that if it can be done, at some point it will be done... if something is behaviorally important, the mechanisms of the API should actually enforce the behavior, not just allow the behavior.
Yes! Too many developers see web APIs as another interface between areas of the code little different to a function call or an object.
A Web API doesn't support the front-end, it is the front-end (at least when it comes to security and logical control).
We must assume that if it can be done, at some point it will be done... if something is behaviorally important, the mechanisms of the API should actually enforce the behavior, not just allow the behavior.
Exactly!