Credit card issuers don't pay for the cash back, it's the merchant. The merchant's are charged a credit card transaction fee that includes a fixed/percent fee determined by the negotiated contract with their bank (the acquirer), a small fixed/percent interchange fee that goes to the credit card payment networks (Visa, MasterCard, etc.), and finally a fee to the credit card issuer that provided the credit card to the consumer.
The credit card issuer fees can be the worst because of these high reward credit cards.
I'm very aware of this when shopping at a local small business. I'll pay either in cash or with my debit card, because the credit card fees are seriously squeezing small merchants.
I've been using LoopBack 3 in production for 18 months.
> added no value
It gives you an API explorer, routing, ORM, validation, error normalization, authentication, authorization via ACL, and more out-of-the-box. I'd consider this value.
> had lots of obvious vulnerabilities
I'd like to know more about this. The only thing I can think of is bypassing ACLs via fetching records and including relationships. I don't know of any framework or combination of libraries that doesn't have this vulnerability.
> LoopBack 3 was terrible - complicated
This is probably true. LoopBack 3 essentially uses a single model to represent your API and data model. This is the single responsibility principle taken to the extreme opposite. It's a complete nightmare at times. If you have an exact one-to-one mapping of your API to database, this may not be a problem.
> unless the entire team and philosophy behind it has been replaced
The credit card issuer fees can be the worst because of these high reward credit cards.
I'm very aware of this when shopping at a local small business. I'll pay either in cash or with my debit card, because the credit card fees are seriously squeezing small merchants.