Why the server must not trust the client

Well, why do we need to argue for such a simple statement and write a two-page article about it?

It is simple common sense. Client code (even code we wrote ourselves) is executed on the client's machine, and we have no control over that machine or the network between it and our server.

Even if we add checks in the UI and hide fields there, anyone can still call the API directly with any value they like.

Never trust the client UI

Server-side validation must be the first priority; client-side validation is only a second priority, a convenience for the user, not a security control.
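To make the point concrete, here is an added example (not from the original article) of a checkout handler that trusts client-supplied values beside one that validates and recomputes everything on the server. The catalog, the request payloads and the function names are constructed for this illustration; no web framework is used so it runs stand-alone.

```python
# Constructed server-side price list (cents). The real source of truth
# for prices lives on the server, never in the request.
CATALOG = {"sku-1": 1999, "sku-2": 500}


class InvalidRequest(ValueError):
    """Raised when client input fails server-side validation."""


def checkout_trusting_client(payload):
    """Insecure: accepts whatever the client sent, including the total.
    Hiding the total field in the UI changes nothing; any caller can
    still send the request with a total of their choosing."""
    return {"sku": payload["sku"], "quantity": payload["quantity"],
            "total_cents": payload["total_cents"]}


def checkout_server_validated(payload):
    """Hardened: the server validates type and range of every field it
    uses and derives the total from its own catalog. Any client-supplied
    total is ignored."""
    sku = payload.get("sku")
    if sku not in CATALOG:
        raise InvalidRequest("unknown sku")
    quantity = payload.get("quantity")
    # bool is a subclass of int in Python, so reject it explicitly.
    if not isinstance(quantity, int) or isinstance(quantity, bool):
        raise InvalidRequest("quantity must be an integer")
    if not 1 <= quantity <= 100:
        raise InvalidRequest("quantity out of range")
    return {"sku": sku, "quantity": quantity,
            "total_cents": CATALOG[sku] * quantity}


if __name__ == "__main__":
    # Constructed request that bypasses the UI: 50 units, client-chosen
    # total of 1 cent.
    tampered = {"sku": "sku-1", "quantity": 50, "total_cents": 1}
    print(checkout_trusting_client(tampered))   # charges 1 cent
    print(checkout_server_validated(tampered))  # charges 99950 cents
```

Every field the hardened handler relies on is checked on the server; the client's copy of the total is simply never read.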
