Hello, I'm trying to play with Ory a little bit. I have client side app where I decided to implement self-service ui for Ory and protected routes. Also I have headless server api which requires user context and must be protected with auth.
1. Is it okay if client app will directly call Kratos instance to utilize self-service?
2. Is it okay when client would need some business specific stuff it would call server api and server api would call whoami of Kratos before doing any business logic?