Would it be more sensible for my mobile app to talk directly to ERPNext Rest API? or should I build another layer of API via flask which will call ERPNext api instead? I’m thinking how to avoid my app to calls directly my ERP system. At least it could be more secure.
Yes, because adding another layer is another technical overhead you need to maintain. Are you making your own app for ERPNext? Because we have our own app.