Very interesting. I really think that HTTP APIs are just a user management layer that could be easily abstracted away now that we can do so many things client-side.
How do you handle permissions? Or how do you prevent a client from erasing the database?