Reputation: 171
I created a backend in Django with a REST API and connected these APIs to mobile apps, but for the website I am calling them from another server, which is built in the .NET Framework. This server calls the API and then implements the data with the frontend. Can you tell me whether this is a good option or not? It adds another server, which can make my process slow and cost me more, but is it good for security purposes or not? At first I implemented my API directly in the frontend, but everyone can check my API and this can harm my website. I am creating an e-commerce website. I didn't use PHP because I know .NET better.
Upvotes: 0
Views: 263
Reputation: 33
It's not a good idea. By adding an extra server application in the middle of your REST API and front end, you are wasting time and resources.
Your front-end application should make the requests directly to the REST API. It's true that your users will be able to see the endpoints of your REST API, but that's not an issue if you add a secure token authentication system between your front end and API.
In DRF you can configure your API to respond only to those requests that are authenticated in your server. Authentication can be done with tokens, OAuth, etc., and all the requests should be made with a bearer token included in the header of the requests, so your server app knows which requests are secure or not.
I would suggest taking a look at the authentication documentation of DRF.
https://www.django-rest-framework.org/api-guide/authentication/
Upvotes: 1
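The DRF configuration the answer above refers to, shown as an added example that is not part of the original post: a weak `REST_FRAMEWORK` setting beside a hardened one, with a small check that flags the difference. The setting names and class paths are DRF's own; `audit_drf_settings` and the sample values are hypothetical and constructed for illustration.

```python
# Added example: settings.py fragments for Django REST Framework (DRF).
# audit_drf_settings is a hypothetical helper, not part of DRF.

ALLOW_ANY = "rest_framework.permissions.AllowAny"
TOKEN_AUTH = "rest_framework.authentication.TokenAuthentication"

# DRF falls back to these when a key is absent from REST_FRAMEWORK.
DRF_DEFAULTS = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework.authentication.SessionAuthentication",
        "rest_framework.authentication.BasicAuthentication",
    ],
    "DEFAULT_PERMISSION_CLASSES": [ALLOW_ANY],
}

# Weak: token auth is enabled but nothing requires it, so anonymous
# requests still reach every view that does not set its own permissions.
WEAK = {"DEFAULT_AUTHENTICATION_CLASSES": [TOKEN_AUTH]}

# Hardened: every view requires an authenticated request by default.
# With TokenAuthentication, clients send "Authorization: Token <key>".
HARDENED = {
    "DEFAULT_AUTHENTICATION_CLASSES": [TOKEN_AUTH],
    "DEFAULT_PERMISSION_CLASSES": ["rest_framework.permissions.IsAuthenticated"],
}
HARDENED_APPS = ["rest_framework", "rest_framework.authtoken"]


def audit_drf_settings(rest_framework, installed_apps):
    """Return findings for a REST_FRAMEWORK dict (checks global defaults only)."""
    effective = {**DRF_DEFAULTS, **rest_framework}
    findings = []
    perms = effective["DEFAULT_PERMISSION_CLASSES"]
    # Permission classes are ANDed; an empty list or AllowAny alone means open.
    if all(p == ALLOW_ANY for p in perms):
        findings.append("anonymous requests allowed by default")
    auth = effective["DEFAULT_AUTHENTICATION_CLASSES"]
    if not auth:
        findings.append("no authentication classes configured")
    if TOKEN_AUTH in auth and "rest_framework.authtoken" not in installed_apps:
        findings.append("TokenAuthentication needs rest_framework.authtoken in INSTALLED_APPS")
    return findings
```

The check covers only the global defaults; a view that sets its own `permission_classes` overrides them and has to be reviewed separately.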