Comment by cedws
3 days ago
You could get rid of the need for the browser completely just by publishing an OpenAPI spec for the API your frontend calls. Why introduce this and add a massive dependency on a browser with a JavaScript engine and all the security nightmares that come with it?
Because the nightmares associated with having an API, authentication, database, persistent server etc. are worse. If all you have is an SPA you shouldn't be forced to set up an API just to be called by an LLM.
I think API specs are the wrong problem to solve. It’s usually pretty easy to reverse engineer an API's requests and responses from a frontend or network log. What’s hard, and what an OpenAPI (or any API, but machine-readable specs tend to suffer most) spec would typically be missing, is the documentation about all the concepts and flows for using this API in a meaningful manner.