Question about Information Security & Quality Assurance projects

Hi guys. I’m currently working on ‘Information Security & Quality Assurance’ projects and I’m not sure in which way those projects should be done.
Should I build them as an API microservice or those projects are meant to be standalone apps with its interfaces and all other things which come with a fullstack app?

Looks like a node app to me.