Should frontend applications directly call backend API endpoints or use proxy routing?

I’m working on a web application and trying to figure out the best approach for API calls. Most tutorials I’ve seen use a setup where the frontend makes requests to /api/* paths on the same domain, and then nginx or another reverse proxy forwards those requests to the actual backend server.

For example:

  • Frontend calls: https://myapp.com/api/users
  • Proxy forwards to: https://backend-server.com/api/users

But what if I skip the proxy entirely and have my frontend directly call the backend domain? Like making requests straight to https://backend-server.com/api/users from my React app.

Is there something wrong with this direct approach? I’m wondering if it’s just a preference thing or if there are actual security or performance issues I should worry about. For my current project, calling the backend directly seems way easier since I don’t need to mess with proxy configuration or server rules.

Any thoughts on whether this direct method is acceptable or if I should stick with the proxy pattern?

Interesting question! What scale are you targeting? I’m curious how you handle auth tokens with direct calls - is token refresh trickier when you’re hitting the backend directly? Also, have you considered what happens if you need to switch backend providers down the road?

Direct API calls can be practical for smaller applications, but they can lead to complications as your project scales. One of the main challenges is managing CORS; your backend needs to whitelist each frontend domain, which can become cumbersome when dealing with multiple environments or adding new domains. Additionally, direct calls expose your backend endpoints, making future changes to URLs or implementing load balancing more complex. From my experience, while direct calls might seem straightforward, establishing a reverse proxy early on can prevent significant refactoring issues in the future and enhance security through request filtering and better API monitoring.

Totally agree! Direct calls can be fine for smaller apps, but keep an eye on CORS stuff. Using a proxy can make things easier later, like adding rate limiting or updating backend URLs without needing a frontend change. It all comes down to your project requirements.
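
For the CORS allowlisting the replies above mention, here is an added example (not part of any post in this thread) of an exact-match origin check on the backend for the direct-call setup. The staging and localhost origins, the function names, and the assumption that requests carry credentials are illustrative and not from the thread.

```javascript
// Added example: strict CORS origin allowlist for a backend that the browser
// calls directly. All origins are constructed sample values.
const ALLOWED_ORIGINS = new Set([
  "https://myapp.com",
  "https://staging.myapp.com", // hypothetical staging environment
  "http://localhost:3000",     // hypothetical local dev server
]);

// Return the Origin value only if it is a well-formed scheme://host[:port]
// with no path, query or userinfo; otherwise null (covers "null" and junk).
function exactOrigin(value) {
  try {
    const u = new URL(value);
    return u.origin === value ? value : null;
  } catch {
    return null;
  }
}

// Build the CORS response headers for one request.
function corsHeaders(requestOrigin, method, allowed = ALLOWED_ORIGINS) {
  // Always vary on Origin so a shared cache never serves one origin's
  // response headers to another origin.
  const headers = { Vary: "Origin" };
  const origin = exactOrigin(requestOrigin);
  // Set membership, not substring or suffix matching: look-alike hosts such
  // as "https://myapp.com.evil.example" must not pass.
  if (origin === null || !allowed.has(origin)) {
    return headers; // no Allow-Origin header, so the browser blocks the read
  }
  // Echo only an allowlisted value. "*" cannot be combined with credentials.
  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Credentials"] = "true"; // assumption: cookie or token auth
  if (method === "OPTIONS") {
    // Preflight answer: keep methods and headers as narrow as the API needs.
    headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE";
    headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type";
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}
```

With the same-domain proxy pattern from the question, the browser never makes a cross-origin request, so this allowlist and its per-environment upkeep are not needed.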