Should public and private endpoints have separate APIs? [closed]

If a website has a public-facing front that consumes an API, and there's also a backend for users with more powerful roles that also consumes an API, should both parts of the site use the same API or different APIs (e.g. /api/v1/resourceName vs /api/admin/resourceName)?

This really depends on your situation. If your private endpoints absolutely must remain private, then separate APIs is the only absolute solution. In general, that seems like overkill. For most situations, I would suggest maintaining a single API and designing your private endpoints with security in mind from the beginning.

Separate APIs

  • You have to maintain two code bases, or at least port parts of your private API to a public system.
  • You have to maintain two production API systems.
  • Better Security: public clients will not be able to access private internal resources on your API, even if user keys / passwords / etc. are breached, or there is an error in the way your public facing API handles security.

The Same API

  • One codebase and one server.
  • Security will be more important. You must make sure public clients can't access internal resources. Security breaches, or oversights on security on your private endpoints could cause serious problems.
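As an added example (not part of the question or the answer above), the following sketch shows the single-API option with the security requirement the answer describes: the authorization decision is made centrally, by path prefix, before any handler runs, and any prefix not in the policy table is refused outright. The paths, tokens, roles and handlers are constructed for the illustration; a real service would validate signed tokens or a session store instead of the in-memory dictionary.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional, Tuple

# Constructed session store for the example: bearer token -> principal.
SESSIONS: Dict[str, dict] = {
    "tok-alice": {"user": "alice", "roles": frozenset({"user"})},
    "tok-bob": {"user": "bob", "roles": frozenset({"user", "admin"})},
}

# Authorization policy keyed by path prefix. It is evaluated before any
# handler is looked up, so a bug in one handler cannot widen access, and
# a prefix that is not listed here is rejected (deny by default).
POLICY: Dict[str, FrozenSet[str]] = {
    "/api/v1/": frozenset(),               # public: no role required
    "/api/admin/": frozenset({"admin"}),   # private: admin role required
}


@dataclass
class Request:
    path: str
    token: Optional[str] = None


@dataclass
class Response:
    status: int
    body: str


# Handlers receive the already-authenticated principal (or None for anonymous).
def list_articles(principal: Optional[dict]) -> Response:
    return Response(200, "articles")


def list_users(principal: Optional[dict]) -> Response:
    return Response(200, "users (admin view)")


ROUTES: Dict[str, Callable[[Optional[dict]], Response]] = {
    "/api/v1/articles": list_articles,
    "/api/admin/users": list_users,
}


def authenticate(token: Optional[str]) -> Tuple[Optional[dict], bool]:
    """Return (principal, ok). ok is False only when a token was presented and is invalid."""
    if token is None:
        return None, True
    principal = SESSIONS.get(token)
    return principal, principal is not None


def required_roles(path: str) -> Optional[FrozenSet[str]]:
    """Longest-prefix match against POLICY; None means the prefix is not served at all."""
    matches = [p for p in POLICY if path.startswith(p)]
    if not matches:
        return None
    return POLICY[max(matches, key=len)]


def dispatch(req: Request) -> Response:
    """Central gate: policy lookup, authentication, authorization, then routing."""
    roles = required_roles(req.path)
    if roles is None:
        return Response(404, "not found")
    principal, ok = authenticate(req.token)
    if not ok:
        return Response(401, "invalid token")
    if roles:
        if principal is None:
            return Response(401, "authentication required")
        if not roles <= principal["roles"]:
            return Response(403, "forbidden")
    handler = ROUTES.get(req.path)
    if handler is None:
        return Response(404, "not found")
    return handler(principal)


if __name__ == "__main__":
    for r in (Request("/api/v1/articles"),
              Request("/api/admin/users", "tok-alice"),
              Request("/api/admin/users", "tok-bob")):
        print(r.path, r.token, "->", dispatch(r).status)
```

Because the role check is keyed on the prefix rather than on individual handlers, an admin path that was never registered (or that a later release forgets to protect) still returns 403 to a non-admin caller instead of falling through to a handler. That centralization is exactly the extra care the answer says the single-API choice demands: if this gate is wrong, every private endpoint is exposed at once, which is the risk the separate-API option removes by keeping private resources off the public system entirely.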