For a simple example, let's say you create a guestbook on your site and you plan to give external access to the Create and Read functions via an API. Update and Delete will not be included in the API since they should only be used internally.
What's a better practice?
1. Make all CRUD functions available via the API and just restrict public access to Update and Delete. So you yourself will also use the API for all internal workings of the app.
2. Make internal CRUD functions without an API for all internal workings, then create a separate API for Create and Read only. Basically this gives you two ways to use Create and Read - one with the API, one without.
3. Make internal Update and Delete functions without an API for internal workings, then create an API for Create and Read only. If you need to use Create and Read functions for internal workings, then you must use the API.
I hope it's quite clear. What's generally the best practice?
Use API Management in external mode to access backend services deployed in the virtual network. Internal - The API Management endpoints are accessible only from within the VNet via an internal load balancer. The gateway can access resources within the VNet.
What is an external API? External APIs expose a business's internal resources to outside users or applications. For instance, third-party developers who need to access data or services that belong to a business, or who want to build apps that integrate with the business's platform, can do so using external APIs.
A good API thinks through its developer experience, providing complete, accurate, and easy-to-digest documentation. It also helps its developers by thinking through common use cases, the sort of things the real user of the API will want.
An API gateway is an API management tool that sits between a client and a collection of backend services. An API gateway acts as a reverse proxy to accept all application programming interface (API) calls, aggregate the various services required to fulfill them, and return the appropriate result.
I like the first option. It is a clear example of separation of concerns and of using the right tools in the right context.
By using a CRUD approach for the API, you gain uniformity and integrity. It results in a more cohesive design, less code duplication and easier evolution down the road. The security aspect could be implemented either inside or outside of the application powering the API. For the outside option you could use third-party software or hardware solutions like firewalls, for example.
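A sketch of the first option with the security check inside the application, added here as an example and not part of the original answer: one CRUD surface serves both internal and external callers, and a deny-by-default policy table decides which operations need an internal credential. The `Guestbook` class, the `handle` dispatcher and the token value are hypothetical names constructed for illustration.

```python
import hmac

# Constructed sample secret (assumption); load from a secret store in practice.
INTERNAL_TOKEN = "example-internal-token"

# Deny by default: an operation not listed here is unreachable through the API.
POLICY = {"create": "public", "read": "public",
          "update": "internal", "delete": "internal"}

class Guestbook:
    """Single CRUD implementation shared by internal and external callers."""
    def __init__(self):
        self.entries, self.next_id = {}, 1

    def create(self, text):
        eid, self.next_id = self.next_id, self.next_id + 1
        self.entries[eid] = text
        return eid

    def read(self, eid):
        return self.entries[eid]

    def update(self, eid, text):
        if eid not in self.entries:
            raise KeyError(eid)
        self.entries[eid] = text

    def delete(self, eid):
        del self.entries[eid]

def is_internal(token):
    # Constant-time comparison avoids leaking the token through timing.
    return token is not None and hmac.compare_digest(
        token.encode(), INTERNAL_TOKEN.encode())

def handle(book, op, token=None, **args):
    """Authorize first, then dispatch; returns (status, payload)."""
    level = POLICY.get(op)
    if level is None:
        return 404, "unknown operation"
    if level == "internal" and not is_internal(token):
        return 403, "forbidden"
    try:
        return 200, getattr(book, op)(**args)
    except KeyError:
        return 404, "no such entry"
    except TypeError:
        return 400, "bad arguments"
```

Because the operation name is checked against `POLICY` before `getattr` runs, a caller cannot reach methods such as `__init__` that the table does not list.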