We are using Apigee BaaS to power a mobile application.
So far we have been using Apigee BaaS for CRUD operations on a collection. We use the in-built Facebook login to authenticate the user.
Now, we have different requirements due to which we have to add a lot of business logic. Where do I put this logic?
In the mobile app? Advantage: We can stick to the existing code and FB login wouldn't need any change and the usage of Apigee BaaS client SDK is intact. Disadvantage: All business logic in the front end? I am not very happy about it.
In a Node.js proxy? Apigee recommends using API Management/Edge to develop proxies with business logic. Advantage: code is cleaner on the mobile app side. Disadvantages: 1) I can no longer use the client SDK. 2) Two HTTP calls - mobile app calls Apigee API management, which then calls Apigee BaaS via the Node.js SDK. 3) FB login gets cumbersome. I probably have to send the tokens to the API management, which will then pass them on to BaaS. The behind-the-scenes beauty of FB login via the client SDK is all but lost.
What should I do in a scenario like this? What's Apigee's recommendation?
I think you have laid out the pros and cons in your question. Apigee wouldn't recommend one over the other as a general rule. Each approach has its own merits/problems. In fact, you may find that using a combination of the two is best.