Mostly the failure cases — the parts of payment and API work that don't make it into the tutorials.
Gateways retry. Networks drop. The same callback arrives three times. Here's how I design payment webhooks so a double-fire never double-charges — idempotency keys, event dedup, and where to draw the transaction boundary.
Read postThe checklist I run before a FastAPI service ships — the settings that stop the boring, common attacks.
Redirects that never come back, status that lags the callback, users who close the tab — mapping the states most integrations forget.
Why I stopped hand-editing SSH config, and the small CLI I wrote to keep work and personal keys apart.
New posts go out here. Reach me if you want to talk through anything payment- or security-related.
Get in touch