I am using xml-rpc to insert data from a desktop app to a webserver database.

I want to do basic things like AddUser. Should I have the desktop app figure out if the user exists before adding a new user or not adding the user?

Or should I just send all of the information needed and let the xml-rpc server figure out if the user needs to be added or not?

Basically, do I put this logic in the desktop or in the webserver?

A: 

It depends. Remember, others can access your API too, not just the client. Security-related logic should always be in the server. Example: what happens if a user already exists and an attacker adds it anyway? In this case, the server should check if a user already exists. Just one function that returns whether the user was successfully added. You could add a function for checking if the user exists too; this will allow your client to check if a name is free without adding it, etc.

CPU-intensive logic should always happen in the client, but usually, you should put as much logic as possible in the server.

leoluk
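A sketch of the server-side check the answer describes, added here as an illustration and not code from the question or the answer. It assumes a Python XML-RPC server with an SQLite `users` table; the method names `AddUser` and `UserExists`, the schema and the validation limits are hypothetical.

```python
import sqlite3
from xmlrpc.server import SimpleXMLRPCServer

# Assumed schema: the UNIQUE constraint makes the database the final arbiter,
# so a duplicate insert fails even if a caller skipped the existence check.
db = sqlite3.connect(":memory:", check_same_thread=False)
db.execute("CREATE TABLE users (name TEXT NOT NULL UNIQUE, email TEXT NOT NULL)")

MAX_NAME_LEN = 64  # assumed limit, not from the original post


def _valid_name(name):
    # The server validates every call; any XML-RPC client can reach this API.
    return isinstance(name, str) and 0 < len(name) <= MAX_NAME_LEN and name.isalnum()


def user_exists(name):
    """Convenience check for the client UI; not a security control."""
    if not _valid_name(name):
        return False
    row = db.execute("SELECT 1 FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None


def add_user(name, email):
    """Return True if the user was added, False if rejected or already present."""
    if not _valid_name(name) or not isinstance(email, str) or "@" not in email:
        return False
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO users (name, email) VALUES (?, ?)", (name, email))
        return True
    except sqlite3.IntegrityError:
        # Duplicate name: the existing row is left untouched.
        return False


if __name__ == "__main__":
    # Constructed local endpoint for the example.
    server = SimpleXMLRPCServer(("127.0.0.1", 8000))
    server.register_function(add_user, "AddUser")
    server.register_function(user_exists, "UserExists")
    server.serve_forever()
```

The desktop app can call `UserExists` to show whether a name is free, but only the result of `AddUser` decides whether the row was written.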