I am not entirely sure if they are actually doing this or if it is just a contrived example to show how you can add multiple endpoints to a single phoenix application. I personally do not understand why someone would do something like this in reality. It is incredibly easy to deploy multiple applications to one or more BEAM nodes that I don’t think I would ever do this.

For example: Our load balancer is connected to port 80 where we expose public API however, in our app and we want to expose private diagnostic API on port 8080 as well - by doing it public traffic can only hit our public API(80). We get pretty good protection of diagnostic API without authentication and authorization - of course we may still want to do that - to restrict access, even to traffic from our private network.

So the only thing they get from this is security through obfuscation? The majority of people would not think (or maybe even know how) to change the port to 8080. They even admit that you would still want to add authentication and authorization to it to prevent people from actually hitting it. So why not just skip the second endpoint and build it into the main application, or make a second phoenix or plug app that displays the diagnostic information they are looking for? If you deploy the two applications to the same BEAM node, you would still have access to all of the same diagnostic information.

As an aside, I don’t really think this should have the distributed tag.