Hi,
Is it correct that every api action I create (nodejs) could be called by someone outside my site/app and so that is the reason we need to use security restrict? If that is the case, how do you stop people just harvesting your data on public facing parts of your site by connecting to the API? For example if you ended up having a massive site with lots of content that someone might want to harvest to use for themselves (their own apps/site/to sell), how would you ever stop this if the api to show the public data has to be unrestricted?
I think I may just be totally misunderstanding how it works as I am still only building my first app so do not fully understand it all yet.
Thanks