DEV Community

loading...

Discussion on: Good Bye Web APIs

Collapse
mikeyglitz profile image
mikeyGlitz

How does this approach address communications from both ends from a security standpoint? Would there be a way to authenticate with RCP?
How can you ensure your client isn't being intercepted a-la man in the middle?
How do you ensure your communication is encrypted?

Collapse
mikeyglitz profile image
mikeyGlitz

Just out of curiosity, does the framework have parameters for ordering your requests such as etag? That's important for things like versioning.

Collapse
mikeyglitz profile image
Thread Thread
mvila profile image
Manuel Vila Author

Then your concern is about caching? Layr is a solution for building web apps, not websites. Caching backend responses at the HTTP level is essential for websites but not so useful for web apps. Layr might support ETags in the future, but it is not something on the priority list.

Thread Thread
baskarmib profile image
Baskarrao Dandlamudi

There are various use cases where Caching is implemented at the API level, like metadata which does not change too often. These are usually cached at API level and returned to clients with out hitting database to fetch the metadata. Do Layr support this?

Thread Thread
mvila profile image
Manuel Vila Author

Not yet but this may be implemented in the future.

Collapse
mvila profile image
Manuel Vila Author

I am sorry, but I am not sure I understand your question. What do you mean by "ordering your requests"?

Collapse
mvila profile image
Manuel Vila Author

Conceptually, authentication works the same as with typical web APIs. Instead of passing a token through a cookie or an HTTP header, you pass it through a static class attribute. You can find an example of implementation here: github.com/layrjs/react-layr-realw...

About security concerns, you can expose your Layr backend through HTTPS.