12
Crost
4y

Colleagues cannot seem to grasp that allowing a user to manually update a field via an API that only a business process should update is a bad idea.

The entire team of around 10 'software developers' cannot grasp that just because the frontend website won't set it doesn't mean it's secure. I have tried many times now...

Just an example honestly... Our project follows a concrete repository pattern using no interfaces or inheritance, returning anaemic domain models (they are just POCOs) that then get mapped into 'view models' (it's an API). The domain models exist to map to 'view models' and have no methods on them. This is in response to my comments over the last 2 years about returning database models as domain transfer objects and blindly trusting all POSTs of those models being a bad idea due to virtual fields in EF.

Every comment on a pull request triggers hours of conversation about why we should make a change vs. "it's already done so just leave it". Even if it's a 5-minute change.

After 2 years the entire team still can't grasp RESTful design, or what the point is.

Just a tiny selection of the constant incompetence that over the years has slowly worn me down to not really caring.

I can't really understand anymore if this is normal.

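The over-posting (mass assignment) problem the post describes, shown as an added example rather than code from the original post or its project. `Account`, `UpdateProfileRequest` and `ProfileService` are hypothetical names, an in-memory dictionary stands in for the EF table, and `System.Text.Json` stands in for ASP.NET model binding; the request body is constructed for the demonstration.

```csharp
// Added example, not from the original post. Simulates the over-posting
// (mass assignment) problem described above: an API that binds the request
// body straight onto the persisted entity lets a client write any column it
// names, including ones only a business process should change. The "safe"
// path binds to an explicit input model instead. All type names are hypothetical.
using System;
using System.Collections.Generic;
using System.Text.Json;

// Persisted entity: the "anaemic" database model returned by the repository.
public class Account
{
    public int Id { get; set; }
    public string Email { get; set; } = "";
    public string DisplayName { get; set; } = "";
    // Only billing / admin business processes may change these two.
    public decimal Balance { get; set; }
    public bool IsAdmin { get; set; }
}

// Explicit input model: the allow-list of what a self-service client may send.
// Any JSON property not declared here is ignored by the deserializer.
public class UpdateProfileRequest
{
    public string? Email { get; set; }
    public string? DisplayName { get; set; }
}

public static class ProfileService
{
    static readonly JsonSerializerOptions Opts = new() { PropertyNameCaseInsensitive = true };

    // In-memory stand-in for the accounts table.
    public static readonly Dictionary<int, Account> Table = new()
    {
        [42] = new Account { Id = 42, Email = "old@example.test", DisplayName = "Alice", Balance = 10m, IsAdmin = false }
    };

    // Vulnerable: deserialize the body as the entity type and overwrite the row with
    // it, which is what binding to the entity and calling Update(entity) amounts to.
    public static Account UpdateUnsafe(int id, string body)
    {
        var incoming = JsonSerializer.Deserialize<Account>(body, Opts)
                       ?? throw new ArgumentException("empty body");
        incoming.Id = id;   // the route value wins, but every other column is the client's
        Table[id] = incoming;
        return incoming;
    }

    // Hardened: bind to the input model, then copy only the allowed fields onto the
    // stored row. Balance and IsAdmin are not reachable from this endpoint at all.
    public static Account UpdateSafe(int id, string body)
    {
        var request = JsonSerializer.Deserialize<UpdateProfileRequest>(body, Opts)
                      ?? throw new ArgumentException("empty body");
        var stored = Table[id];
        if (request.Email is not null) stored.Email = request.Email;
        if (request.DisplayName is not null) stored.DisplayName = request.DisplayName;
        return stored;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed request body: the frontend never sends balance or isAdmin,
        // but nothing stops a client from adding them to the JSON.
        const string body =
            "{\"email\":\"new@example.test\",\"displayName\":\"Mallory\",\"balance\":999999,\"isAdmin\":true}";

        var a = ProfileService.UpdateUnsafe(42, body);
        Console.WriteLine($"unsafe: balance={a.Balance} isAdmin={a.IsAdmin}");

        // Reset the row, then run the hardened path against the same body.
        ProfileService.Table[42] = new Account { Id = 42, Email = "old@example.test", DisplayName = "Alice", Balance = 10m, IsAdmin = false };
        var b = ProfileService.UpdateSafe(42, body);
        Console.WriteLine($"safe:   balance={b.Balance} isAdmin={b.IsAdmin}");
    }
}
```

The hardened path uses an allow-list input model rather than marking sensitive entity properties with `[JsonIgnore]` or `[BindNever]`: a deny-list on the entity leaves every column added later writable by default, whereas a separate request type has to be extended deliberately before a new field becomes reachable from the API. The same reasoning applies to EF's `Update`/`SetValues` calls: they should only ever receive values that have already passed through such a model.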
Comments
  • 1
    May it help if you give them exploits?
  • 1
    @sbiewald even the bosses don't care when I show them exploits. They just say they do and then spend a year letting 10 devs write more insecure code. Tbf I shouldn't really care if even the boss doesn't :)
  • 1
    Sounds like a shitty place to work in