How many of you have built very robust and secure RESTful APIs, and had no traction? Makes you wonder if craftsmanship even matters for many startups.
Most of the things described in this post are easy to mitigate without much additional development effort. Rate limiting, role-based access, etc. are commodities now.
Implementing server-side validations is, in my opinion, mandatory. This is even more important for any API with more than one client - Android, iOS, Web, etc. Not only does it prevent basic security breaches, but it also prevents hard-to-track bugs. More importantly, why would you not centralise business logic as much as possible instead of having to duplicate it on every client?
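As an added illustration of the points in the two comments above (this is example code written for this page, not anything from the original post or the author), here is a small server-side handler for a hypothetical "create listing" endpoint shared by several clients. It does the three commodity checks in order: a per-user token-bucket rate limit, a role-based permission check, and strict validation of the request body that rejects unknown fields rather than silently accepting them. The schema, the role table, the endpoint and the `owner_id` field are all assumptions for the example.

```python
import time

# Constructed example: a hypothetical "create listing" endpoint. ROLE_PERMISSIONS,
# LISTING_SCHEMA and the field names are assumptions for illustration, not any
# real framework's API.

ROLE_PERMISSIONS = {
    "viewer": {"listing:read"},
    "seller": {"listing:read", "listing:create"},
    "admin":  {"listing:read", "listing:create", "listing:delete"},
}


class ValidationError(ValueError):
    pass


# field -> (expected type, required, extra constraint or None)
LISTING_SCHEMA = {
    "title":       (str, True,  lambda v: 1 <= len(v) <= 120),
    "price_cents": (int, True,  lambda v: 0 < v <= 10_000_000),
    "currency":    (str, True,  lambda v: v in {"USD", "EUR", "GBP"}),
    "description": (str, False, lambda v: len(v) <= 4000),
}


def validate_listing(payload):
    """Accept exactly what the endpoint expects, regardless of which client sent it.
    Clients may run their own checks, but the server never relies on them."""
    if not isinstance(payload, dict):
        raise ValidationError("body must be a JSON object")
    unknown = set(payload) - set(LISTING_SCHEMA)
    if unknown:
        # Reject unknown keys instead of dropping them: a client that sends
        # e.g. "owner_id" must not be able to smuggle it into the stored record.
        raise ValidationError(f"unexpected fields: {sorted(unknown)}")
    clean = {}
    for name, (typ, required, check) in LISTING_SCHEMA.items():
        if name not in payload:
            if required:
                raise ValidationError(f"missing field: {name}")
            continue
        value = payload[name]
        # bool is a subclass of int in Python, so exclude it explicitly
        if isinstance(value, bool) or not isinstance(value, typ):
            raise ValidationError(f"{name}: expected {typ.__name__}")
        if check is not None and not check(value):
            raise ValidationError(f"{name}: out of range or not allowed")
        clean[name] = value
    return clean


class TokenBucket:
    """Simple token bucket: `capacity` requests burst, refilled at `refill_per_sec`."""

    def __init__(self, capacity, refill_per_sec, now):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.last = now

    def allow(self, now):
        self.tokens = min(self.capacity,
                          self.tokens + (now - self.last) * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


_buckets = {}  # user id -> TokenBucket (in-process; a real service would use shared storage)


def handle_create_listing(user, payload, now=None):
    """Return (status, body). `user` comes from the authentication layer
    (e.g. a verified session or token), never from the request body."""
    now = time.monotonic() if now is None else now
    bucket = _buckets.setdefault(user["id"], TokenBucket(5, 1.0, now))
    if not bucket.allow(now):
        return 429, {"error": "rate limited"}
    if "listing:create" not in ROLE_PERMISSIONS.get(user["role"], set()):
        return 403, {"error": "forbidden"}
    try:
        listing = validate_listing(payload)
    except ValidationError as e:
        return 400, {"error": str(e)}
    listing["owner_id"] = user["id"]  # ownership is assigned server-side
    return 201, listing


if __name__ == "__main__":
    print(handle_create_listing({"id": "u1", "role": "seller"},
                                {"title": "Bike", "price_cents": 12000, "currency": "USD"}))
```

The ordering matters: the cheap rate-limit check runs before anything else, the role check runs before the body is parsed in detail, and ownership is stamped by the server so none of the three clients can set it. The same `validate_listing` function is the single place the rules live, which is the centralisation the comment above argues for.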
Depending on what you mean by "start-up", those are all unfortunately still nice-to-haves, not mandatory, for a functioning app. Having just finished a stint as the main dev at a startup, even commodities still take a reasonable amount of effort for a top-tier group of 1-5 people to manage, let alone the team you happen to have at the time (meaning not top tier, looking at myself here heh). Roll that into "we got funding and it's growth time, no space for architecture changes", and it's not hard to see the path to skipping out on some things that are considered basic for a new project at a medium-to-large-scale company. So not really against what you say, just a note that the ideal doesn't always match the reality.
I understand how it ends up like this, as I myself run a startup with a small tech team. Typically the issue is that we are always looking to add new features versus trying to fix issues from the past. But I still believe that with good principles from the beginning, we will be able to build better software without it costing us time.
The ability to sell more shares matters, and recurring revenue is the most major component of being able to do that.
Nothing else does.
It's a dating app made to address issues women have had in other dating apps, founded/made/led by a woman, with the solution being the oxymoron of women messaging male matches first.
That's it.
That's the whole story.
They're publicly traded now, with a traditional IPO (no SPAC). That is called success.