[koliber]

I strongly disagree with the advice in this article. There are many reasons. I’ll name a few.

Your DB is likely to contain internal state that has no business being sent to the client. Over time applications change and fields can change meaning, become deprecated, or become dependent on other fields through business logic.

If you do this, any business logic not captured in your backend has to be duplicated in each front end. Imagine needing to write and maintain the same business logic in a JavaScript framework, Java for Android, and Swift for your iOS app.

How do you make breaking DB changes if you take on this strategy of API design?

In most cases in my professional career, making a choice to have a thin RESTful API that corresponds closely to the DB structure has been a mistake that only time made clear. RPC-like APIs fared much better.

This advice may be good for a proof of concept, a prototype, or an early version which stands a good chance of getting rewritten. I would not recommend it for anyone wishing to build a lasting architecture.

Don’t take my word for it. Take a look at your favorite famous internet company and look at their API and try to deduce if they follow this advice or not.

[partyboat1586]

If you use React Native, React and a shared Redux layer you can share all this business logic between iOS, Android and Web. If you make breaking DB changes you still have the REST layer to buffer them. If REST won't cover your breaking changes with data transforms because you are deleting whole tables and restructuring then it's time to refactor the front end as well anyway. I disagree with the front end sending SQL directly but a thin REST layer with a little validation seems ideal to me.

[politelemon]

Op, please listen to the advice given here. If your blog post is a reflection of your startup's production stack, I would be very concerned.

[kartickv]

Author here.

> Your DB is likely to contain internal state that has no business being sent to the client.

Which is why not all tables need to be sent to the client. The post gives an example of exposing the friends table to the client but not others.

> If you do this, any business logic not captured in your backend has to be duplicated in each front end.

No, the post says to make your backend layer as thin AS POSSIBLE, not to not have a backend layer at all costs even if it means duplicating code.

> How do you make breaking DB changes if you take on this strategy of API design?

You change the frontend!

> This advice may be good for a proof of concept, a prototype, or an early version which stands a good chance of getting rewritten.

Which is why the blog post begins by saying, "Say you've started a startup today"

> I would not recommend it for anyone wishing to build a lasting architecture.

In a startup, I wouldn't recommend over-designing on day 1, because that's a good way of not delivering enough business value fast enough and so going bust.

> Take a look at your favorite famous internet company and look at their API and try to deduce if they follow this advice or not.

As the blog post says, you shouldn't cargo-cult Google or Amazon. You don't operate at their scale, you don't have as much traffic, you don't have as many teams, and so on. You should what makes sense for you given your company's maturity and where in the product lifecycle you are.

[koliber]

> Which is why not all tables need to be sent to the client. The post gives an example of exposing the friends table to the client but not others.

What if the "is_active" flag takes on more nuanced meaning over time, as you add "client_activation_status", and over time expand that meaning. All frontend clients of the API need to be aware of such low-level changes. An API acts as an insulation layer.

> No, the post says to make your backend layer as thin AS POSSIBLE, not to not have a backend layer at all costs even if it means duplicating code.

At one point the post says to get rid of it altogether and use SQL, making the architecture 2-layer. If you do have a backend layer, and it does have business logic, that business logic will stand between your DB and the client. This logic will vary in thickness, but in a mature application will be substantial.

> You change the frontend!

How do you force a synchronized iOS app update to all the people who have your app installed?

> Which is why the blog post begins by saying, "Say you've started a startup today"

Fair point. Still, it is not something I would do except in throwaway prototypes or proof-of-concepts.

> In a startup, I wouldn't recommend over-designing on day 1, because that's a good way of not delivering enough business value fast enough and so going bust.

Agreed on this advice. And you need to ask yourself how you will gradually adapt the software you've built so that it can change with the needs, risk profile of your clients, and growth of your company. An approach to API design you describe is fundamental, and it would be difficult to adapt it without scratching it altogether and starting afresh with v2.

> As the blog post says, you shouldn't cargo-cult Google or Amazon. You don't operate at their scale, you don't have as much traffic, you don't have as many teams, and so on. You should what makes sense for you given your company's maturity and where in the product lifecycle you are.

Agree about not cargo-culting. Agree about adjusting approach to company maturity. My experience has showed me that the approach you suggest has too many disadvantages for building any production software.

I wish you best of luck and hope that at the very least I and others on this thread were able to offer another perspective.