Stay up to date with practical insights on backend engineering, system design, and building reliable software.
IDOR (Insecure Direct Object Reference) is consistently the most common API vulnerability. It occurs when an API endpoint accepts a resource identifier and returns or modifies the resource without verifying the caller has permission to access that specific resource.
Read moreA Rails API that works correctly for the team that built it is not the same as one that's pleasant to integrate against. Here are the design decisions that determine whether clients come back with questions or with praise.
Read moreWebhooks are HTTP callbacks from your system to your customers' systems. Delivering them reliably — with retries, signature verification, and delivery tracking — requires more infrastructure than a simple HTTP call. Here is the complete pattern.
Read morefilter, map, and forEach are intuitive. The operations that unlock streams as a serious data processing tool — groupingBy, flatMap, reduce, and custom collectors — require more explanation. Here is that explanation.
Read moreSpring Boot applications deployed to Kubernetes need specific configuration to behave correctly under orchestration — proper health probes, graceful shutdown, container-aware resource limits, and externalized configuration. Here is the complete setup.
Read more