What is and isn't safe API-wise on the front end?

I'm getting pretty familiar with Vue.js and am enjoying it very much, and now I am getting into actually creating applications which require the use of various APIs. Currently I am working with the unofficial Robinhood API for creating a stocks app.

Now I don't know TOO much about Node/Express formally; I generally work with a friend who codes PHP and provides endpoints to me.

Right now I can fetch stock prices on the front end with their open API.

https://api.robinhood.com/quotes/MSFT/

This seems like an appropriate use of accessing an API from the front end.

In my case I am actually building an app in Electron, not that it should matter but I wanted to add that in there. Now when working with other parts of the API, it is required that the request is authenticated with the user’s account information resulting in an access token over SSL.

Now, I don’t believe there is much if anything stopping me from doing this entirely inside Vue in the front end, unless at this point there is some CORS here. But if I am correct this would be bad practice, correct?

So two questions:

  1. Why is it bad practice to make certain requests from the front end, and what is safe and what is not?

  2. How exactly is this resolved? Do you just proxy the request to your own Node back end? And can you explain this more in detail?

Thank you guys.
