Back end-for-Front end: The most secure architecture for browser-based apps(fusionauth.io)
fusionauth.io
Back end-for-Front end: The most secure architecture for browser-based apps
https://fusionauth.io/blog/backend-for-frontend-security-architecture
moving to a bff pattern isnt just about hiding tokens, its about reducing the client attack surface entirely. shifting api orchestration and sanitization to edge proxies makes so much more sense. the browser should just be a dumb terminal rendering ui, not a secure vault managing state and credentials