https://community.databricks.com/t5/lakebase-discussions/calling-a-lakebase-project-api-directly-from-an-web-frontend/m-p/151369#M29 <P>Today we have an web frontend and custom API that we call from the frontend. I can see Lakebase projects support an API and SQL over REST. And we are considering whether skipping the custom API and calling the Lakebase API directly. However I see some places there are security concerns regarding this. Any recommended practices or exeprience that can be shared in this matter?</P> Thu, 19 Mar 2026 07:59:43 GMT Sega2 2026-03-19T07:59:43Z https://community.databricks.com/t5/lakebase-discussions/calling-a-lakebase-project-api-directly-from-an-web-frontend/m-p/151369#M29 <P>Today we have an web frontend and custom API that we call from the frontend. I can see Lakebase projects support an API and SQL over REST. And we are considering whether skipping the custom API and calling the Lakebase API directly. However I see some places there are security concerns regarding this. Any recommended practices or exeprience that can be shared in this matter?</P> Thu, 19 Mar 2026 07:59:43 GMT https://community.databricks.com/t5/lakebase-discussions/calling-a-lakebase-project-api-directly-from-an-web-frontend/m-p/151369#M29 Sega2 2026-03-19T07:59:43Z https://community.databricks.com/t5/lakebase-discussions/calling-a-lakebase-project-api-directly-from-an-web-frontend/m-p/151377#M30 <P>Hi&nbsp;<a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/122912">@Sega2</a>,</P> <P class="p8i6j01 paragraph">I don't there are many patterns or approaches published widely yet. In general, though, for production web apps, you may want to consider something like frontend --&gt; thin backend --&gt; Lakebase rather than calling Lakebase Data API directly from browser.&nbsp;</P> <P class="p8i6j01 paragraph">The reasons are mostly standard web‑security concerns... You don’t want OAuth tokens with broad database access in the browser, and that's where a think backend gives you a place to centralise auth, rate limiting, input validation, and query shaping.&nbsp;</P> <P class="p8i6j01 paragraph">If you do use the Lakebase Data API from a web client, just make sure you follow the best practices recommended in the Lakebase API <A href="https://docs.databricks.com/aws/en/oltp/projects/data-api" target="_self">documentation</A>.</P> <P class="p8i6j01 paragraph">Attached a snapshot below for reference.</P> <P class="p8i6j01 paragraph"><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Lakebase security practices.png" style="width: 999px;"><img src="https://community.databricks.com/t5/image/serverpage/image-id/24993i984E5F7BE7E3A5FB/image-size/large?v=v2&amp;px=999" role="button" title="Lakebase security practices.png" alt="Lakebase security practices.png" /></span></P> <P class="p1"><FONT size="2" color="#FF6600"><STRONG><I>If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.</I></STRONG></FONT><I></I></P> Thu, 19 Mar 2026 09:36:10 GMT https://community.databricks.com/t5/lakebase-discussions/calling-a-lakebase-project-api-directly-from-an-web-frontend/m-p/151377#M30 Ashwin_DSA 2026-03-19T09:36:10Z