Both models work with Slash GraphQL, but we are encouraging users to expose their endpoint directly to clients. Please remember to set up auth rules that lock down any resources you don’t want to expose (remembering to block query / create / delete / update).