Tag
Backend
6 posts
Vercel BotID In 2026: How The Invisible CAPTCHA Actually Works, And Where It Earns Its Place In My Stack
Vercel BotID went GA in mid-2025 and quietly replaced the visible CAPTCHA on a lot of indie SaaS sites in 2026. The promise is real: invisible bot detection that catches headless Playwright sessions without making your real users squint at fire hydrants. The price is real too. Here is what BotID actually does under the hood, the Basic versus Deep Analysis tradeoff, the route patterns I protect with it, and the day a single AI scraper convinced me to wire it in front of an endpoint I thought was already safe.
Background Jobs For Indie Developers in 2026: When You Need A Queue, When You Do Not, And What I Actually Use
Every job queue tutorial is written for companies running ten thousand jobs a second. As a solo developer you do not need Sidekiq Pro and a Kubernetes cluster to send a welcome email. Here is the actual background job setup that earns its place for indie projects in 2026, and the day a Stripe webhook taught me why setTimeout was never going to be enough.
Rate Limiting Your SaaS API in 2026: The AI Scraper Problem, Token Buckets, and the Layered Defense That Actually Works
A single AI agent scraped one of my endpoints twenty-three thousand times in a night and turned a $40 OpenAI budget into a $312 invoice before I woke up. Most rate limiting tutorials are written for traffic that pretends to be polite. Here is what actually defending a SaaS API looks like in 2026, with the AI bot wave already through the door.
Zero-Downtime Postgres Migrations: The Mistakes That Locked My Production Database
A single ALTER TABLE on a 40 million row table can freeze your app for forty minutes. Most migration tutorials skip the part where the database is also serving live traffic. Here is what shipping schema changes to a real production Postgres in 2026 actually looks like, including the operations I now refuse to run during business hours.
Server-Sent Events vs WebSockets in 2026: When Each One Actually Wins
WebSockets get reached for by reflex. Half the time the right answer is the boring one nobody talks about: Server-Sent Events. Here is the actual decision framework for real-time features in 2026, and the cost both choices hide from you.
Stripe Webhooks in Production: Idempotency, Retries, and the Mistakes That Cost Me Real Money
Stripe webhooks look like a five-minute integration in the docs. Then a customer is double-charged, a subscription event arrives out of order, your handler 500s for an hour, and Stripe quietly retries the same event 47 times. Here is what shipping webhooks to real billing flows actually looks like in 2026.