Right now we have your API and Web Server on two different boxes. What I would like to know is if there is any reason that we cannot have them both on the same server?
In a word, security. Having them on separate machines allows you to lock down the API server more than would be convenient for a public-facing web server. For example, we have our firewall configured so that only our web servers are allowed to connect to the API server, and only on the ports required for that. This makes it much, much more difficult for anyone to attack the API server.
-Morgan
The security is something that I want to keep in mind. We are setting up a new Dev environment and I want all our environments to be the same, so I am making sure that we are not having redundant servers.
Thanks
We separate the API server and web server in our Live environment for the security reasons mentioned above, and the same in our Test environment to keep the environments as similar as possible. But in our development environment, all the servers are on one machine for convenience, as security is not an issue, and we have the architecture already modeled in the Test environment.