Writing

Notes on backend, payments and security.

Mostly the failure cases — the parts of payment and API work that don't make it into the tutorials.

LatestPaymentsJun 2026 · 2 min read

Idempotent webhooks: payment callbacks that survive retries

Gateways retry. Networks drop. The same callback arrives three times. Here's how I design payment webhooks so a double-fire never double-charges — idempotency keys, event dedup, and where to draw the transaction boundary.

Read post
SecurityMay 2026 · 1 min

Hardening a FastAPI service: CSP, rate limits and auth

The checklist I run before a FastAPI service ships — the settings that stop the boring, common attacks.

PaymentsApr 2026 · 1 min

UPI redirect flows and the failure cases that bite in production

Redirects that never come back, status that lags the callback, users who close the tab — mapping the states most integrations forget.

ToolingMar 2026 · 1 min

Two GitHub identities on one machine, without breaking ~/.ssh/config

Why I stopped hand-editing SSH config, and the small CLI I wrote to keep work and personal keys apart.

New posts go out here. Reach me if you want to talk through anything payment- or security-related.

Get in touch