I am new to front end web development and have some very basic questions regarding some security issues regarding backbonejs (probably Ajax in general).
I am working on mobile apps for a while now, and for most of them what I do is to build an API that handles the requests and provides data for the application in JSON format. When using an app, I can add some security to the access to my data using API secret keys and such. This way I can make sure that whoever is asking for the data is allowed to get the JSON data for that application and, theoretically, wouldn't be able to make lots of requests to my API in order to download raw data for their own purpose. The server (API) runs on nodejs with mongodb as db server.
The problem is that now that the mobile app is working, I need to make a web interface as an alternative for users to interact with the application. I have seen some examples of backbone.js and the impression I have is that for one to use it, the server must openly provide the data in JSON format. If I do this, anyone would be able to make requests and get the data from any endpoint. I believe this is because of the way Ajax works. So, if I wanted to serve the data as html, not the raw JSON data, is it still possible to use Backbone.js? What I was thinking is something like:
Browser makes a request to the web server Web server gets data from API API validates key and secret and returns the JSON data to WebServer Web server sends HTML to the browser ' I am really sorry to ask this. I have never worked with web development and I am aware this is probably a very basic question. If these assumptions are correct, then does it mean I won't be able to use Backbone.js or Ajax based frameworks?
Thanks so much,
Marcel
