0

At work, we have a Web application, which makes queries to databases, and I’m asked to determine if using Web APIs could be an added value.

Personally, I’m not convinced it is.

I know Web APIs are tailored to let different systems speak a “common language”, but having one to just access databases seems overkill to me. Yes, I can edit, update and publish the API independently from the client application, but that seems to be the only good factor to me. The Web API would be stored in an on-premise server, so Cloud’s typical scalability, elasticity, etc. aren’t things to consider.

I’m talking about HTTP RESTful APIs. We have an ASP.NET MVC Web application (so, server-rendered) querying databases. Currently, the code to call the databases in embedded in the source code of the ASP.NET application.

Can I have your opinion?

Improve this question
14
  • 3
    How exactly are you proposing to control access to your database if you're not going through an API?
    – Philip Kendall
    Commented Sep 19, 2023 at 10:46
  • Currently, the Web application (which I inherited) has queries in the code, used with EF.
    – Pine Code
    Commented Sep 19, 2023 at 10:47
  • That's not access control.
    – Philip Kendall
    Commented Sep 19, 2023 at 10:48
  • 1
    @guillaume31: If it is server-side rendered, then how does the server access the database without using an API?
    – Jörg W Mittag
    Commented Sep 19, 2023 at 13:10
  • 1
    "but having one to just access databases seems overkill to me" it isn't. For you see, APIs are about policy, and databases only give you very coarse-grained ways to control and implement policy. I'm struggling to think of a non-trivial CRUD app I've built in the last 10 years we're e.g. postgres' access controls were sufficient to the task. Not to mention the security risk of having not hard-coded queries run against your db....
    – Jared Smith
    Commented Sep 19, 2023 at 14:39

2 Answers 2

Reset to default
4

If your application is purely a server side rendered application with no need to integrate with external systems, then a http api will add no value. You should still have an api, the internal model that your controllers call into to generate your views, but there is no need to expose it to the outside world.

There are however two capabilities exposing that model as an api would unlock. Firstly it would enable you to query new data from the client using javascript to update part of a page without a complete refresh. Secondly, a documented published api would all your clients to build automated integrations with external systems.

Improve this answer
3
  • 2
    Yes. Worth noting that having the additional capabilities is not always a good thing - having the capabilities implies an intent and commitment to maintaining them, and maintaining them can have a significant cost, in terms of work required as the system changes and barriers created to changing the system in future. OP should not create capabilities unless they are valuable enough make bearing these costs worth it.
    – bdsl
    Commented Sep 19, 2023 at 11:41
  • 1
    yes, the real difference will be enabling the switch to a SPA style front end. Not in adding an extra layer to your existing backend
    – Ewan
    Commented Sep 19, 2023 at 14:32
  • Yes, with SPAs, APIs are necessay.
    – Pine Code
    Commented Sep 19, 2023 at 15:40
0

Currently, the code to call the databases in embedded in the source code of the ASP.NET application.

If the ASP.NET application is the only application that uses the database, and that's not likely to change, then keeping the database query code embedded in the ASP.NET code is very likely the simplest and therefore best thing to do.

You may want to segregate the database code from other code within that application, maybe with a pattern like repository if you haven't already done it, but there's no real advantage, and some big disadvantages, to creating a separate application just to be an HTTP API over the database.

Keeping it all together in one repository and one deployment unit allows much easier evolution of the structure and semantics of the database over time, and lets you run tests as part of continuous integration to check that your application works with your database structure.

If you build an API around the database, then it will either be very general, in which case it doesn't really give you any advantage over connecting to the database directly, or it will be specific to the data used by your application, in which case whenever that changes you will need to make changes in both the API application and the application application, which will slow you down and discourage you from working to improve the internal design.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.