Devs - I would like to resurface this discussion. Please see my original post above and Juhan's specific thinking.
(direct) Channel access without a middle-layer or proxy of some kind is not recommended in production. By implication, anyone building a front end app that is aimed at end users, and all of those already built, should be labeled on our sites as "for demo purposes only". From what we know, all of the (larger) companies out there that are using a customer facing front end are securing it beyond what is provided by default on our community built apps. And, we should have a group working on the design of that proxy/middle layer for both Fineract1.x and FineractCN. @ShivanshTiwari please note for Mifos Mobile Wallet project. If there is a way to include a proxy service that speaks to your app and then to the backend APIs that would be a good idea I think. - James @jdailey67
