The Daily
A note a day on APIs and the realities of shipping web applications. Stuff I've actually learned across 25 years of doing the work.
Knock Handles Notification Plumbing So I Don't Have To
I wired up Knock for a client's in-app notification center and stopped dreading the words 'can we add email alerts too?'
Every serious web app eventually needs notifications. Not the "we'll send one welcome email" kind — the real kind, where users need to know when something happened, across whatever channel they prefer, with preferences they can actually control. I've built that system from scratch three times and patched it twice. I…
Read the daily →Cloudflare R2: S3 Minus the Egress Fees — What Changes in Your Code
R2 is genuinely useful and the migration from S3 is mostly painless — but there are a few rough edges that will bite you if you're not paying attention.
The egress fees on S3 are a quiet tax that most developers don't notice until a client asks why their AWS bill jumped. I moved a media-heavy e-commerce project off S3 and onto Cloudflare R2 last year and the storage line item dropped substantially — but the thing I actually want to talk about is what changes in your…
Read the daily →WorkOS: Adding SSO Without Becoming an Identity Company
SSO used to mean weeks of SAML hell. WorkOS changed that calculus — here's what it actually looks like to integrate it.
The last time I integrated enterprise SSO from scratch, I lost two weeks of my life to SAML XML parsing, metadata endpoint confusion, and a client's IT department who couldn't explain why their IdP was returning assertions with the wrong format. WorkOS made that problem mostly disappear — and I want to be specific…
Read the daily →Tailscale Changed How I Think About Network Security
After running traditional VPNs for years, Tailscale quietly shifted my entire threat model. Here's what that actually means in practice.
I've been running VPNs for distributed teams since the OpenVPN days, and I thought I understood the threat model pretty well. Then I spent a weekend migrating NWOS infrastructure to Tailscale and realized I'd been solving the wrong problem for fifteen years. What You Think You're Doing With a VPN The classic VPN story…
Read the daily →Brevo SMTP: SPF, DKIM, and DMARC in 15 Minutes
Brevo's SMTP setup is fast, but if you skip the DNS records, your emails land in spam. Here's exactly what to add and why.
Most developers treat email authentication as an afterthought. They wire up SMTP credentials, send a test, see it land in inbox, and ship. Then two weeks later a client calls because their invoices are going to spam. I've lived that call more than once. Brevo (formerly Sendinblue) is my current go-to for transactional…
Read the daily →