Depending on the complexity of the problem I prefer to use the backend based on the following pattern:
- Frontend makes a request to run a backend function with optional parameters which the end-user specified (ie a search request).
- Depending on the parameters supplied, different functions might be run before the backend queries the third party API.
- 3rd party API response is returned to the backend.
- Backend either passes the response along or does more stuff before passing the request along.
- Then the frontend does stuff with the data based on the response received (ie there were less than 5 results so adding pagination is not necessary).
That way you can:
- Keep any necessary credentials on the server.
- Obtain logs.
- Validate on both the server side and the client side for an added layer of security.
- Use the server to filter sensitive results if necessary before they reach the frontend.
- Vary which parts of the heavy lifting are done on the server vs the device in order to improve the application performance.
- Modify your server function as needed without modifying the front-end distributable. This matters when creating a mobile or desktop app where you have to get appstore approval before a release can go live.