Security checks in API code should always live as close to the user as possible (such as in the route handler)—deeper code paths are often changed without consideration for security.
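The following sketch is an added illustration, not code from the original page: it compares a handler that relies on a check buried in the data layer with one that authorizes at the route handler, after a refactor adds a second data path that lacks the check. The invoice store, loader functions and handler names are all hypothetical and the data is constructed.

```python
# Constructed in-memory data; every name in this example is hypothetical.
INVOICES = {
    1: {"owner": "alice", "total": 120},
    2: {"owner": "bob", "total": 75},
}


class Forbidden(Exception):
    """Raised by the data layer when its own ownership check fails."""


# --- Data layer: two code paths to the same record ---
def load_invoice_checked(user, invoice_id):
    """Original deep path: the ownership check is buried here."""
    invoice = INVOICES[invoice_id]
    if invoice["owner"] != user:
        raise Forbidden(invoice_id)
    return invoice


def load_invoice_fast(user, invoice_id):
    """Later refactor (say, a cache path): the check was not carried over."""
    return INVOICES[invoice_id]


# --- Handler that trusts whatever the data layer happens to enforce ---
def get_invoice_fragile(user, invoice_id, loader):
    try:
        return 200, loader(user, invoice_id)
    except Forbidden:
        return 403, None


# --- Handler that authorizes at the edge, before any deeper call ---
def get_invoice_guarded(user, invoice_id, loader):
    record = INVOICES.get(invoice_id)
    if record is None:
        return 404, None
    if record["owner"] != user:
        return 403, None
    # Only an authorized request reaches the loader, whichever one is wired in.
    return 200, loader(user, invoice_id)


if __name__ == "__main__":
    for loader in (load_invoice_checked, load_invoice_fast):
        print(loader.__name__,
              "fragile:", get_invoice_fragile("alice", 2, loader)[0],
              "guarded:", get_invoice_guarded("alice", 2, loader)[0])
```

With the refactored loader wired in, the fragile handler returns bob's invoice to alice, while the guarded handler still answers 403 because its decision never depended on the deeper code.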