Technical · Dispatch № 12

Frontend vs. Backend: The Map That Makes Everything Click

Learn the crucial difference between frontend and backend. Understand where your code runs and why this mental model is essential for building web apps.

Frontend vs. Backend: The Map That Makes Everything Click

There's one piece of knowledge that separates developers who build resilient applications from those who don't. It's not a framework, tool, or AI model—it's understanding the fundamental architecture of how web applications work.

The Core Principle

The essential distinction is straightforward: Frontend code runs on your user's device. Backend code runs on yours. This isn't metaphorical but literally true. When someone visits your app, their browser downloads files and executes them locally. The user interface, buttons, forms, and styling all run on their machine. Your backend operates on servers you control, handling data, business logic, and database operations.

Understanding the Flow

Consider a to-do app example. The user sees an interface with a text input and save button—this is frontend code. When they type and click save, that click triggers a request that travels to your server. Your backend validates the input, saves it to the database, and returns a response. The updated task appears in their browser.

The Golden Rule

If it needs to be trusted, it belongs on the backend. The frontend is public, anyone can see it, and anyone can edit it. This principle has critical implications:

API Keys: Never store API keys in frontend code. Users can access them through browser developer tools, exposing your credentials and accounts to misuse.

Form Validation: While browser-side validation provides helpful feedback, it's insufficient alone. Users can disable JavaScript or manipulate requests. Backend validation is non-negotiable for security.

Business Logic: Rules governing permissions, pricing, and access must live on the backend where they cannot be bypassed.

Decision Framework

When uncertain about where functionality belongs, ask:

  • Does it involve secrets like API keys or passwords? → Backend
  • Must it be trusted and tamper-proof? → Backend
  • Does it only affect appearance with no security implications? → Frontend is acceptable

Practical Application in Laravel + Inertia

In this stack, the boundary becomes visible in the file structure. React components in resources/js/Pages/ run in the browser (frontend), while controllers in app/Http/Controllers/ run on your server (backend). Inertia serves as the bridge, passing data from backend to frontend.

Key Takeaways

Every feature crosses this boundary at least once. Understanding where the line falls helps you write better prompts for AI assistance, identify bugs faster, and build more secure applications. The map transforms vague feature requests into precise technical specifications and provides a framework for evaluating code quality.