
Because requirements are different. Our admin GUI needs much more data and different access controls than our web and mobile apps. Third-party consumers have even more different requirements.

We never need to bikeshed with developers from all other teams to make sure things are consistent or whatever.

We generate endpoints from a Swagger spec. With good abstractions it is not much work. Frontend devs do modifications to these endpoints as well since they are so trivial.




> Because requirements are different. Our admin GUI needs much more data and different access controls than our web and mobile apps.

Indeed. And how does GraphQL solve the need for different data and different access controls to that data? :)


Not sure, I haven't seen a good story for it. We'll stick with REST.


I don't think APIs in general should have anything to do with authorization, other than passing along a token.



