Initially, the idea comes from Now.sh, where frontend is static, backend is serverless. The website loads faster, but when we need an API, there will be a little warm-up time.
But what if I want a full-blown powerful backend? (I use Fastify, actually.)
I plan to put backend on Heroku, as I am not sure about the cost if I put on Google Cloud Run...
For frontend, I'll just put on Netlify. An issue with Now.sh is just it knows too much. It won't let you host a static site without building first, for instance.
My concern is security. OK, I can use a CORS header on Heroku side, but do I need some kind of API secret to protect the API? If so, how do I put API secret on Netlify?