Calling a Lakebase project API directly from a web frontend

Sega2
New Contributor III

Today we have a web frontend and a custom API that we call from the frontend. I can see Lakebase projects support an API and SQL over REST, and we are considering whether to skip the custom API and call the Lakebase API directly. However, I see in some places that there are security concerns regarding this. Any recommended practices or experience that can be shared in this matter?