Is NATS Suitable as a Public API Layer?

[veilag]

I’d like to better understand whether NATS is intended (or recommended) to be used as a replacement for HTTP REST APIs, especially when clients connect directly from a browser. Conceptually, this feels attractive: pub/sub + request/reply, low latency, schema-agnostic, etc.

My only concern is that browser clients (nats.ws/deno/js) are full NATS clients. NATS has Auth Callout with rich permission tuning; for example, it can grant access to certain request subjects and allow subscriptions only to the client’s own _INBOX prefix to receive replies. Is this sufficient to isolate public users from accessing anything that does not belong to them? And is it a good idea to do this at all?

[derekcollison]

Yes we have many users and customers who use NATS in this way, even extending all the way to the browser as you mentioned.