Thinking about non functional requirements (the -ities) and other concerns, which approach would you choose and why? consider the two snippets
Direct Supabase Connection
import { useState, useEffect } from "react"
import { createClient } from "@supabase/supabase-js"
export function GeneralTab() {
const [topicList, setTopicList] = useState([])
const fetchTopics = async () => {
try {
const supabase = createClient(process.env.SUPAURL,process.env.SUPAPUBLIC)
const { data } = await supabase.from("topics").select('topic')
setTopicList(data.map(item => item.topic))
} catch (error) {
console.error("Error fetching topics:", error)
}
}
useEffect(() => {fetchTopics()}, [])
}
Microservice Connection
import { useState, useEffect } from "react"
export function GeneralTab() {
const [topicList, setTopicList] = useState([])
const fetchTopics = async () => {
try {
const response = await fetch("https://your-microservice-endpoint.com/topics")
const data = await response.json()
setTopicList(data.map(item => item.topic))
} catch (error) {
console.error("Error fetching topics:", error)
}
}
useEffect(() => {fetchTopics()}, [])
}
Direct Supabase Connection
is simpler, faster to develop, and potentially has lower latency, but it exposes the API key and is less flexible.
Microservice Connection
offers better security, scalability, and flexibility but adds complexity and potential latency.
14
simpler, faster to develop
Do this first, provided it doesn’t stop you from switching.
better security, scalability, and flexibility
Are all nice things to have provided you get them done before going out of business.
but adds complexity and potential latency
Which will be easier to judge the impact of when you have something to compare it to.
but it exposes the API key
You have to evaluate the risks and accept them both as a business and personally.
If something goes wrong:
- Do you accept the potential financial loss?
- Are you going to jail?
The real problem here is not knowing what the risks are. If you don’t know then you can’t accept them, and should just follow best practice.
Frankly though are you actually forced to make this kind of choice? what’s it gonna take you a couple of extra days to make an API and add some out the box auth?