
I remember the days of 3-tier client-server computing. This exact problem. How much knowledge does your middle tier need to have about your presentation tier? Do you shape your database schema to your business logic, or provide stored procs that can translate your "pure" schema into the structures required by the middle tier? All of those questions.

The key one we're asking here is "how much business logic do you need in your presentation layer?" Too little then you're round-tripping for simple form validation and your UI is unresponsive. Too much and your UI becomes tightly coupled to your business rules (and you start exposing too much attack surface).

Modern SPA web apps are making a deliberate trade-off, moving more logic into the client so the app is more responsive.

The problem of making the API schema "pure" or tightly coupling it to the UI is the same old "how much business logic sits in the database" debate. Ideally, of course, all endpoints would relate directly to application entities so that changes to the UI don't change the API. But this increases the number of round-trips and reduces responsiveness. Same for rendering HTML on the server - increased round-trips and reduced responsiveness.

The answer depends on the trade-offs that the project needs. Is the API complex and used by lots of clients? Keep it pure. Is the API small and/or used by only one client? Tailor it to the client. Is responsiveness paramount? Put as much as possible client-side. Is security paramount? Put as little as possible client-side.

IMHO there is no right answer that works across all situations, just as there wasn't back in the 3-tier day.



Yeah, but I see them making a lot of the same mistakes that were made back then and I can't help but notice that, in the context of web applications, you have an opportunity to render the UI in a trusted environment where the code being executed is guaranteed to be written by a non-hostile by just rendering/executing server-side.

If you throw HATEOAS-without-thinking-or-arguing-about-it on top of that, it seems like a no-brainer to bias toward that approach.

I used to think that web apps were dumb and thick apps were obviously better in most cases, but I've changed my tune in the last few years as I've come to understand HATEOAS and disentangle it from the JSON API quagmire it got into:

http://intercoolerjs.org/2016/01/18/rescuing-rest.html



