Why the server must not trust the client.

Well, why do we need to justify such a simple statement with a two-page article?

It is simple common sense. Client code, even code we wrote ourselves, runs on the client's machine, and we have no control over that machine or over the network between it and our server. Anything the client sends can have been modified, replayed or fabricated before it reaches us.

Even if we add checks in the UI and hide fields or buttons, anyone can still call the API directly (with curl, a browser's developer tools or an intercepting proxy) and send any value they like, including values the UI never offers.

Never trust the client UI.

Validation on the server side is the first priority; client-side validation is only a second priority. Client-side checks improve the user experience and save round-trips, but they are not a security control, because the server must assume they were never run.
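As an added example (not code from the original article), the following Node.js snippet shows one order endpoint written two ways: a handler that trusts the price and role the UI put in the request body, beside one that recomputes everything from server-side data and the server-side session. The catalog, the function names, the request body and the session object are all hypothetical and constructed for this illustration; the forged body is what a user can send regardless of what the UI shows.

```javascript
// Server-side source of truth for prices and limits (hypothetical data).
const CATALOG = {
  "sku-100": { name: "Keyboard", priceCents: 4999, maxPerOrder: 5 },
  "sku-200": { name: "Mouse",    priceCents: 1999, maxPerOrder: 10 },
};

// BEFORE (deliberately vulnerable): the web form fills in price and an
// isAdmin flag, and the handler uses whatever arrives in the body.
function placeOrderTrusting(body, session) {
  const total = body.priceCents * body.quantity;   // attacker-controlled
  const isAdmin = body.isAdmin === true;           // attacker-controlled
  return { ok: true, sku: body.sku, totalCents: total, freeShipping: isAdmin };
}

// AFTER: the server derives every security-relevant value from its own data
// and rejects anything it cannot account for.
function placeOrderValidated(body, session) {
  const item = CATALOG[body.sku];
  if (!item) return { ok: false, error: "unknown sku" };

  const qty = body.quantity;
  // Type check as well as range check: a string "5" or 5.5 is rejected.
  if (!Number.isInteger(qty) || qty < 1 || qty > item.maxPerOrder) {
    return { ok: false, error: "invalid quantity" };
  }

  // Price comes from the catalog, never from the request; a client-sent
  // priceCents is ignored (a stricter API would reject unknown fields).
  const total = item.priceCents * qty;

  // Authorization comes from the server-side session, never from the body.
  const isAdmin = session.role === "admin";

  return { ok: true, sku: body.sku, totalCents: total, freeShipping: isAdmin };
}

// Constructed request: what anyone can send by bypassing the UI, e.g.
//   curl -X POST /api/order -H 'Content-Type: application/json' \
//        -d '{"sku":"sku-100","quantity":5,"priceCents":1,"isAdmin":true}'
const forgedBody = { sku: "sku-100", quantity: 5, priceCents: 1, isAdmin: true };
const userSession = { userId: 42, role: "user" };   // hypothetical session

// Runs both handlers against the forged body plus two other rejected cases.
function demo() {
  return {
    trusting:   placeOrderTrusting(forgedBody, userSession),
    validated:  placeOrderValidated(forgedBody, userSession),
    overLimit:  placeOrderValidated({ sku: "sku-100", quantity: 6 }, userSession),
    unknownSku: placeOrderValidated({ sku: "sku-999", quantity: 1 }, userSession),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The trusting handler charges 5 cents for five keyboards and grants free shipping to an ordinary user; the validated handler charges 24995 cents, ignores the isAdmin flag, and refuses a quantity over the catalog limit or an unknown SKU. The same shape applies to any field the UI "hides": if the server does not recompute or verify it, the client decides it.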
