My question is regarding the security of APIs as it relates to client-side rendering. Recently, I’ve been making web applications using Vue.js or React, and letting them make requests to a backend API.
Since both of these frameworks are made with Client Side Rendering in mind, however, I am wondering how this may impact the security of my API. Since the requests are being handled client sided, what prevents anyone from looking at the code of my website and viewing the API endpoints, reverse engineering them, and making their own requests and messing with data? (especially on User account endpoints).