Comment by Ryosuke on "In your opinion what are some advantages and disadvantages on choosing an architecture with a backend api + React/Angular as consumers instead of monolithic frameworks like Django or CakePHP/Laravel?" | Hashnode
Separation of concerns. My frontend isn't tethered to my backend, so I can do dramatic things like scrapping my frontend completely and recoding it without mucking my API.
Scalability. Being a monolithic website is great, but when you need to start creating mobile or web apps that work off the same API -- you'll quickly wish they were separated. If someone bombs your frontend, you also lose your API, which leaves other apps hanging out to dry.
Easier development. It's hard to hand off a giant monolith to every dev on the team who wants to contribute. It's way easier to clone what I need (API or frontend or both), and build off that. And it makes organizing your git flow difficult, when you're managing features from way different sectors of the architecture.
Disadvantages
Building APIs. People might act like they love building APIs, but it's inarguable that it's a time sink. Anytime you build a feature, you need to create an API endpoint for your external apps to access (and ideally testing, to ensure it works). Sometimes it's way easier just to send data directly from my models to my view.
More work. Every time you want to make big changes to your app, you end up spinning up a development API and frontend, and committing changes to both. It can get confusing working across two projects, and particularly setting up a workflow that works flawlessly every time (like getting Docker containers to sync up). Way easier just to have everything in one project.
More infrastructure. Having a separate API means setting up another subdomain on my Apache/Nginx, and all the devops that goes behind managing that.
Less secure. It's way more secure just to have your app on the same server where any secure data is queried/located. Client-side solutions like JWT are great for authentication, but not 100% secure, and require you to run another server as a middleman for any client-side apps anyway (plus CSRF, sessions, and all that jazz). Much easier just to have everything under the same server.
More complicated. As stated in the previous point, tasks like authentication require setting up an OAuth server, generating JWT tokens, and plenty of other extras on the client side (CSRF for forms, sessions for encrypted cookies, frontend form validation, etc). A monolithic Laravel app makes all that painless.