6

I am kind of confused about when an API is needed. I have recently created a mobile app with Flutter and Cloud Firestore as the database, where I simply queried and wrote to the database when needed. Now I am learning full stack web development and I recently watched a tutorial where he built like an Express API with GET, POST, and DELETE functionality for a simple item in the database.

Coming from a background where I just directly accessed the database, I am not sure why an API in this case is necessary. Is it so I wouldn't have to rewrite the queries every time? This is a very simple project so he's definitely not making a 3rd party API for other developers to use. Am I misunderstanding what an API does exactly?

It was really simple, there was one collection in a MongoDB database and he was using Postman to read and write to and from the database to check if it works.

Potato

4 Answers

2

An API is a standard way with which your front-end (web/mobile) stores/gets information for your application. Your front-end can/should not directly access the database, ever. Understand the purpose of the front-end, which is to just display the interface; it should do minimal processing. All the application logic should be at your backend (API server), which is exposed to your front-end via API (GET, POST etc.) calls. So to store an item in your database, you will write the data storing logic in your backend, and expose an API endpoint which, when triggered, will perform the storing operation. That API call should be used by your front-end to trigger the storing process. In this way your logic of storing/database or any other thing is not exposed, only the API URL is. The purpose of the front-end is to be exposed, whereas the backend/database should never be exposed and used from the front-end.

  • Okay, but can't I just trigger a read or write from a button click or something instead of letting the API handle it? So you're saying if I do that then the users on the client side can access things like my database queries or whatnot? Aren't those server side documents not public? – Potato Nov 13 '19 at 20:56
  • Anything on the client side is sort of public, so all your database URLs and passwords can be extracted if put into the front-end. This is just one of the reasons. – Muhammad Ahsan Nov 14 '19 at 09:42
  • Okay, sure, but you can, let's say on a button click or form submission on the front end, send a route to the server and then the server queries directly from the database without using an API. The queries are present on the server and are private, so my question is why use an API if you can simply directly access the database from the server? – Potato Nov 14 '19 at 09:44
  • You are not understanding it correctly. API is the set of processes with which your front-end will access server (backend) which will do database transactions. So on a button click, an API call will be made to backend server. Backend server will have a certain logic written for that API call and it will perform certain actions, and after that API call will return response success/error to front-end – Muhammad Ahsan Nov 14 '19 at 10:07
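
What the answer above describes, as an added example (not code from the tutorial or from any poster): the backend logic behind GET, POST and DELETE for one item collection, written as a plain Node.js function with an in-memory map standing in for MongoDB. The `handle` function, the `/items` path and the `user` field are assumptions made for illustration.

```javascript
// Added example: route logic as a plain function so it runs without Express
// or MongoDB. `items` stands in for the collection. In a real server the
// connection string lives only here (e.g. an environment variable).
const items = new Map(); // id -> { id, owner, name, qty }
let nextId = 1;

// Accept only the fields the API defines; extra client fields are dropped.
function validateItem(body) {
  if (!body || typeof body.name !== 'string') return null;
  const name = body.name.trim();
  const qty = body.qty === undefined ? 1 : body.qty;
  if (name.length === 0 || name.length > 100) return null;
  if (!Number.isInteger(qty) || qty < 1 || qty > 1000) return null;
  return { name, qty };
}

// req = { method, path, user, body }. `user` comes from the server's own
// authentication layer (assumed), never from the request body.
function handle(req) {
  if (!req.user) return { status: 401, body: { error: 'login required' } };
  const match = /^\/items(?:\/(\d+))?$/.exec(req.path);
  if (!match) return { status: 404, body: { error: 'not found' } };
  const id = match[1];

  if (req.method === 'POST' && !id) {
    const clean = validateItem(req.body);
    if (!clean) return { status: 400, body: { error: 'invalid item' } };
    const item = { id: String(nextId++), owner: req.user, ...clean };
    items.set(item.id, item);
    return { status: 201, body: { id: item.id, ...clean } };
  }
  if (req.method === 'GET' && !id) {
    const mine = [...items.values()].filter((i) => i.owner === req.user);
    return { status: 200, body: mine.map(({ id, name, qty }) => ({ id, name, qty })) };
  }
  if (req.method === 'DELETE' && id) {
    const item = items.get(id);
    // Same reply for "missing" and "not yours", so ids cannot be probed.
    if (!item || item.owner !== req.user) {
      return { status: 404, body: { error: 'not found' } };
    }
    items.delete(id);
    return { status: 204, body: null };
  }
  return { status: 405, body: { error: 'method not allowed' } };
}
```

The client can send any body it likes, but ownership, field filtering and limits are decided in code it cannot read or modify.
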
1

Maybe for you, an API is not necessary. But the use cases of an API are many.

For example:

  • You don't have to write business logic for every platform. (iOS, Android, Web, Whatever)
  • Your app will be lightweight since some computation would be offloaded to server.
  • Your app can be reverse engineered to get secret information (or your secret algorithm, maybe?).
  • What if you need to store something in the filesystem that you want to share with others?

Also a good read: Why we should use REST?

Shihab
  • So you're saying instead of directly performing CRUD operations to the database, I handle the client's requests through an API and HTTP methods because I don't want them being able to get sensitive info? How would they be able to get any sensitive info if I did that? – Potato Nov 13 '19 at 20:55
  • That is just one of the use cases. I have seen a lot of premium Android apps modified by developers to unlock premium features. It is done by reverse engineering. – Shihab Nov 14 '19 at 06:04
  • 1
    Another most important factor is coupling. To add to @Dijkstra, an API provides a way to decouple the logic from each other, thus allowing for more application reliability, maintainability, fault-tolerance and, if required, scalability. – damitj07 Nov 15 '19 at 05:52
1

In your case, you are using a pre-written SDK which knows how to connect to Firestore, does caching and updates application data when needed, and provides a standard method of reading, writing and deleting data in Firestore (with associated documentation and example data from Google).

Therefore, using an API (as described for MongoDB) is not required and is undesirable.

There are some cases where you might want to have no read or write access to a Firestore collection or document, and in this case, you could write a Cloud Function which your app calls with parameters, that receives the data that you want to write and does some sort of checking or manipulation beyond the capabilities of Cloud Firestore rules (although these can get pretty sophisticated). See https://firebase.google.com/docs/firestore/security/get-started

Todd (in the video contained in this link) does a few good videos on this subject.

However, this is not really working in the same way as the API you mentioned in your question.

So in the case of using Firestore, you should use the SDK and not re-invent the wheel by creating your own API.

If you want to share photos, for example, you can also store them in Firebase Storage and then provide a URL for other devices to access them without your app being installed.

If you want to write something to Firestore which is then sent to all other users, then you can use listeners on each app, and the data will be sent to the apps after it arrives at Firestore.

https://firebase.google.com/docs/firestore/query-data/listen gives an overview of this.

One thing to always look at with Firebase is the cost of doing anything. Cloud Functions cost more than doing a read of a Firestore document.

This gives an overview of pricing for different capabilities within the Firebase set of capabilities.

https://firebase.google.com/pricing

Philip
  • So you're saying Flutter's SDK already has a Firebase API so it handles all that stuff when I write simple queries? Is that why Flutter doesn't really have a separated client or server side, rather it's all in one? What if I wanted to make a web app with Firestore, would I need to write my API or is there one I can utilize using similar keywords as I had in Flutter? From what I can see MongoDB also has similar querying syntax, but in this tutorial I need to get and store data through HTTP methods. So I'm still confused as to why I can't just directly perform CRUD operations on like button clicks etc. – Potato Nov 13 '19 at 20:53
0

Another most important factor is coupling. To add to @Dijkstra, an API provides a way to decouple the logic from each other, thus allowing for more application reliability, maintainability, fault-tolerance and, if required, scalability.

Thus there is no right or wrong here, or the comparison of API vs DB call is in itself not justified, for the fact that fetching the data from the database is the ultimate aim, whether you use a REST API or query a database.

The means to achieve the same can differ based on specific requirements. For example, fetching water from the well.

  • You can always climb down the well and fetch a bucket of water if you need 1 bucket per day and you are the only user.
  • But if there are many users you would want to install a pulley and wheel which people use to pour fetched water into their bucket; yet again this will depend on whether there are 100 users per day using it or more than that, as this will not work in the case of more than 100 users.
  • If the case is that an entire community of, say, 1000 users is going to need the water, you would go with a more complex solution of installing a motorized water pump to pump out the water and supply it to the users' homes via a pipeline. This solution has many benefits like fast supply, easy to use, filtered water, scheduled, etc. But the cost and effort to achieve the solution is higher as well.

All in all, it comes down to the cost-vs-benefit ratio which you and only you can chart out, for different solutions vs the particular problem, as you are the best judge of scale and future user flow.


While doing that you can ask the following questions about the solution to help decide:

  • Is the solution satisfying the primary requirement of the problem?
  • How much time is it going to take to build it?
  • For the time we spend to build a solution, is it going to be working at more than 75% or more of its capacity?
  • If not, is there a simpler solution that I can use to satisfy the problem and scale it as the requirement increases?

HTH.

damitj07