Lakebase Discussions
Ask questions, share challenges, and connect with others working on Lakebase. From troubleshooting to best practices, this is where conversations happen.

Calling a Lakebase project API directly from a web frontend

Sega2
New Contributor III

Today we have a web frontend and a custom API that we call from the frontend. I can see that Lakebase projects support an API and SQL over REST, and we are considering whether to skip the custom API and call the Lakebase API directly. However, I see in some places that there are security concerns regarding this. Any recommended practices or experience that can be shared in this matter?

1 REPLY

Ashwin_DSA
Databricks Employee

Hi @Sega2,

I don't think there are many patterns or approaches published widely yet. In general, though, for production web apps, you may want to consider something like frontend --> thin backend --> Lakebase rather than calling the Lakebase Data API directly from the browser.

The reasons are mostly standard web-security concerns. You don't want OAuth tokens with broad database access in the browser, and that's where a thin backend gives you a place to centralise auth, rate limiting, input validation, and query shaping.

If you do use the Lakebase Data API from a web client, just make sure you follow the best practices recommended in the Lakebase API documentation.

Attached a snapshot below for reference.

Lakebase security practices.png

If this answer resolves your question, could you mark it as “Accept as Solution”? That helps other users quickly find the correct fix.

Regards,
Ashwin | Delivery Solution Architect @ Databricks
Helping you build and scale the Data Intelligence Platform.
***Opinions are my own***
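
A sketch of the thin-backend layer described in the reply above, added here as an illustration; it is not code from the original post or from Databricks. The `orders` table, its columns, the `session` object and `runQuery` (a stand-in for the server-side database call that holds the credential) are assumptions.

```javascript
// Added example: thin-backend request handling. Table, column and function
// names are hypothetical; runQuery stands in for the server-side database
// call and is synchronous here only to keep the example short.
const SORTABLE = new Set(["created_at", "total"]); // allowlisted sort columns
const MAX_LIMIT = 100;
const RATE = { windowMs: 60_000, max: 30 };        // per-user fixed window
const hits = new Map();                            // userId -> { start, count }

function allow(userId, now) {
  const h = hits.get(userId);
  if (!h || now - h.start >= RATE.windowMs) {
    hits.set(userId, { start: now, count: 1 });
    return true;
  }
  h.count += 1;
  return h.count <= RATE.max;
}

// Turn untrusted query-string values into a fixed, parameterized statement.
function shapeOrdersQuery(userId, params) {
  const sort = params.sort ?? "created_at";
  if (!SORTABLE.has(sort)) throw new RangeError("unsupported sort column");
  const limit = Number(params.limit ?? 20);
  if (!Number.isInteger(limit) || limit < 1 || limit > MAX_LIMIT) {
    throw new RangeError("limit out of range");
  }
  // The owner filter comes from the verified session, never from the client.
  return {
    text: `SELECT id, total, created_at FROM orders WHERE owner_id = $1 ORDER BY ${sort} DESC LIMIT $2`,
    values: [userId, limit],
  };
}

// session: result of server-side auth (null if unauthenticated).
function handleListOrders(session, params, runQuery, now = Date.now()) {
  if (!session) return { status: 401, body: { error: "unauthenticated" } };
  if (!allow(session.userId, now)) return { status: 429, body: { error: "rate limited" } };
  let query;
  try {
    query = shapeOrdersQuery(session.userId, params);
  } catch (err) {
    if (err instanceof RangeError) return { status: 400, body: { error: err.message } };
    throw err;
  }
  return { status: 200, body: runQuery(query.text, query.values) };
}
```

The browser only ever sends `sort` and `limit`; the database credential, the SQL text and the owner filter stay on the server.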