Developing Backend For Front End (BFF) — checklist/best practices

Figure: BFF sample architecture with respect to open APIs or traditional MVC apps

So you are building a front end that lets users consume data provided by APIs, delivered through channels such as a native mobile app, a hybrid app, or a web app.

You don’t want to break the trust of the API provider or of the user, and you also don’t want competitors or third parties to exploit the trust that has been placed in you.

In that case, you need to safeguard the secrets and data that the API provider and the end user share with you.

The suggested architecture may look like the figure above.

Here are some best practices to follow when building on this architecture.

If your Front End (aka Channel) runs in an insecure environment (e.g. a web browser), where the user or a man-in-the-middle can inspect the content and the traffic between you and the API Gateway or API provider, you should build a dedicated, secure server for that Front End.

This is called your BFF — Backend For Front End, and also the Best Friend Forever of your channel ;)

  • The (insecure) Front End app must not authenticate directly with the API Gateway; doing so would leak the login credentials to the user or to a man-in-the-middle
