← All posts
7 min read

Frontend, Backend, and Full Stack: Experience, Shared Truth, and the Boundary Between

#technology#frontend#backend#full-stack#application-architecture
📑 On this page

Many applications are divided into a part that runs near the user and a part that runs on controlled servers.

The frontend presents information and handles interaction; the backend protects shared data, business rules, and privileged operations; full-stack work spans the contract between them.

The boundary is not merely visual code versus serious code. It separates environments with different trust, latency, deployment, and ownership.

A concrete example: checkout

The frontend:

  • Displays cart items
  • Collects address and payment choice
  • Shows validation feedback
  • Indicates loading and success

The backend:

  • Reads authoritative prices
  • Verifies inventory
  • Applies discounts and tax
  • Authorizes the customer
  • Requests payment
  • Creates the order

The browser can show an estimated total, but the backend must calculate the final amount from trusted records. A user controls their browser and can modify requests.

What counts as a frontend

A frontend may be:

  • Website in a browser
  • Native mobile app
  • Desktop application
  • Command-line client
  • Smart-device interface

It owns concerns close to the user:

  • Layout
  • Navigation
  • Input handling
  • Accessibility
  • Local interaction state
  • Formatting
  • Optimistic feedback

Some frontends also perform substantial local processing, offline storage, media work, or machine-learning inference.

Frontend does not mean simple. It means the component operating at the user-facing edge.

What counts as a backend

A backend commonly provides:

  • APIs
  • Authentication and authorization
  • Business workflows
  • Database access
  • Integration with payment, email, or other services
  • Scheduled and background work
  • Audit and operational controls

It runs in an environment controlled by the organization.

That makes it the trusted enforcement point for shared rules, but not automatically secure. Backend input still comes from users, partners, queues, and compromised clients and must be validated.

The client is not trusted

Frontend code and requests can be inspected and changed.

Never rely only on:

  • Hidden buttons
  • Disabled form fields
  • Client-side price calculation
  • JavaScript validation
  • A role stored in local storage

Client validation improves experience by catching mistakes early. Server validation protects the system.

The backend must verify identity, permission, values, and current state for every consequential operation.

Shared truth belongs behind trusted controls

Some state can safely remain local:

  • Open tab
  • Draft text
  • Selected theme
  • Scroll position

Shared business truth usually belongs in backend-managed storage:

  • Account ownership
  • Inventory
  • Payments
  • Orders
  • Permissions
  • Published records

The frontend can cache or optimistically display a version, but needs reconciliation with the authoritative source.

This distinction becomes especially important with offline behavior and multiple devices.

Rendering can happen on either side

HTML may be rendered:

  • On the server
  • In the browser
  • During a build
  • Through a hybrid combination

Server rendering can improve initial delivery and search visibility. Client rendering can support rich interaction after load.

Rendering location does not determine where security rules belong.

A server-rendered page still needs backend authorization. A client-rendered app still receives trusted decisions from APIs.

Architecture should separate presentation strategy from authority.

Communication crosses a network

Frontend and backend communicate through APIs or protocols such as HTTP and WebSocket.

Network communication introduces:

  • Latency
  • Timeouts
  • Partial failure
  • Retries
  • Serialization
  • Version compatibility
  • Authentication

The frontend should represent states such as:

  • Loading
  • Empty
  • Offline
  • Failed
  • Retrying
  • Partially available

A user interface that assumes every request succeeds instantly exposes network behavior as confusion.

Contracts connect the layers

An API contract defines:

  • Request shape
  • Response shape
  • Errors
  • Permissions
  • Pagination
  • Versioning
  • Timing expectations

Both sides can evolve independently while respecting the contract.

Shared generated types can reduce mismatch, but should not encourage the frontend to depend on internal database structures.

Expose concepts meaningful to the user workflow rather than raw tables.

Backend for frontend

Different clients can have different needs.

A mobile app may need:

  • Smaller responses
  • Offline synchronization
  • Push-token handling
  • Mobile-specific authentication

A backend for frontend, or BFF, provides an API tailored to one client type while coordinating deeper services.

This can simplify clients and reduce excessive calls.

It also creates another component and can duplicate logic if business rules leak into several BFFs. Shared policy should remain in an appropriate authoritative layer.

Optimistic user interfaces

An optimistic UI updates immediately before the backend confirms.

When a user likes a post:

  1. The count changes locally.
  2. A request is sent.
  3. The UI confirms or rolls back based on the result.

This reduces perceived latency.

It works best for reversible, low-risk actions.

For payment or inventory, the interface should clearly represent pending state rather than claim final success before the backend commits it.

Frontend performance

Frontend performance depends on:

  • Download size
  • Parsing and execution
  • Rendering
  • Images and fonts
  • Device capability
  • Network quality
  • Number of requests

Backend response time is only one part of user-perceived speed.

Measure real-user performance and critical interaction paths.

Moving work into the browser can reduce server cost while increasing battery use, accessibility problems, or delay on low-powered devices.

Backend performance

Backend performance depends on:

  • Database access
  • Cache behavior
  • External services
  • Serialization
  • Concurrency
  • Queueing
  • Resource saturation

The backend can aggregate data so the frontend avoids many round trips.

But one giant endpoint that fetches everything creates slow responses and tight coupling.

Design around user workflows, bounded data, and measurable latency.

Independent deployment and compatibility

Web frontends can often deploy quickly. Mobile apps may remain installed for months.

A backend must therefore support old mobile clients or require a clear upgrade policy.

Use:

  • Additive API changes
  • Capability negotiation
  • Version support windows
  • Feature flags
  • Graceful handling of unknown fields

Frontend and backend deployment schedules are part of architecture.

Separate repositories do not create independence if every release must still happen simultaneously.

Full-stack work

A full-stack developer works across several layers.

That can include:

  • User experience
  • Browser or mobile code
  • API design
  • Business logic
  • Data model
  • Deployment
  • Monitoring

Full stack does not mean one person is equally expert in every specialty.

Strong full-stack work understands the end-to-end path and knows when security, accessibility, database, infrastructure, or design expertise is needed.

Breadth improves coordination; specialization still matters.

Ownership should follow outcomes

Teams divided rigidly into frontend and backend queues can create handoffs:

  • UI waits for endpoint.
  • Endpoint exposes the wrong shape.
  • Errors are discovered only during integration.

Cross-functional ownership of a user outcome encourages the layers to be designed together.

Technical boundaries remain useful, but the team shares responsibility for:

  • Correctness
  • Accessibility
  • Performance
  • Security
  • Operability

Users experience one product, not an organizational chart.

Knowledge check

  1. Why must the backend recalculate a checkout total?
  2. Which kinds of state can safely remain frontend-local?
  3. What failures does the UI need to represent at a network boundary?
  4. When can a backend for frontend be useful?
  5. Why does full-stack breadth not eliminate specialist expertise?

The one idea to remember

The frontend owns interaction near the user; the backend owns trusted shared rules and state. A good full-stack design makes their network contract, authority, failure behavior, and shared user outcome explicit.