Hacker News .hnnew | past | comments | ask | show | jobs | submitlogin

In software development we call it abstraction. Privacy is for real people.


You can also say privacy is about protecting people's information, which is what abstraction allows us to do. It's also a matter of where to make the permissions decisions, at the view level or at the API resource level? At DoorDash, we've found that making that choice at the API resource level was the right decision.


In software there are usually multiple places to accomplish the same thing. I usually ask, "where do I put the work?" I'm usually thinking of the database vs. the framework on the server vs. the client.

The post is a great explanation of the choices and why the API resource was the way to go. Inspired us to take a look at how we put our API together.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: