Guides
Evergreen reference pages that explain formats, security concepts, and practical utilities.
A practical reference to encoding, hashing, encryption, and signing — what they are and when to use each.
A practical guide to hashing and HMAC — how they differ, what problems they solve, and how to choose the right approach for integrity and authentication.
A practical guide to authenticated encryption — what AEAD is, how AES-GCM and ChaCha20-Poly1305 work, and when to use each mode over CBC or CTR.
Learn how password hashing works, why MD5 and SHA-256 are insufficient for passwords, what salting and key stretching do, and which algorithm to use today.
A practical explanation of TLS — what it protects, how the handshake works, certificates and trust, and common mistakes developers make.
The difference between encryption at rest and in transit — threat models, technologies, key management, real-world examples, and common mistakes.
How digital signatures work — hash, sign with private key, verify with public key. Covers signature vs HMAC, real-world uses (JWTs, TLS, code signing), and common mistakes.
Avoid the most costly encryption errors: using encryption for passwords, hardcoding keys, skipping authenticated modes, ignoring certificate warnings, and more.
A practical guide to API authentication — understand API keys, JWT, OAuth 2.0, and HMAC request signing, when to use each, and how to choose the right approach.
A practical guide to HMAC API signing — how to sign requests with a shared secret, prevent replay attacks with timestamps, and verify webhook payloads from Stripe, GitHub, and AWS.
API rate limiting controls how many requests a client can make in a given window. Covers fixed window, sliding window, token bucket, and leaky bucket algorithms, where to enforce limits, and common mistakes.
Understand the full JWT authentication flow — token structure, signing algorithms (HS256 vs RS256 vs ES256), refresh token patterns, and the vulnerabilities that break most implementations.
A practical guide to data formats for engineers — understand CSV, JSON, XML, and Excel, when to use each, and how to validate, convert, and transform data without writing a pipeline.
A practical guide to working with JSON data — how to validate, flatten, diff, convert, and move JSON between systems without writing a full pipeline.
JSON Schema is a vocabulary for defining structure and validation rules for JSON documents. Learn core keywords, practical validation workflows, and when to use JSON Schema in APIs, pipelines, and config files.
A practical guide to DevOps configuration and deployment — understand YAML, DNS records, SSL/TLS certificates, HTTP headers, cron schedules, and robots.txt. Includes validation workflows and common deployment mistakes.
A practical guide to SSL/TLS certificates — certificate types (DV, OV, EV), how certificate chains and trust work, how Let's Encrypt issues certificates via ACME, SANs and wildcards, and how to debug common certificate problems.
A practical guide to cron jobs and task scheduling — understand the five-field cron expression syntax, special strings, common patterns, timezone behaviour, and how cron works in Linux, GitHub Actions, Kubernetes CronJobs, and cloud schedulers.
A practical reference to HTTP request and response headers — what they are, common types, debugging workflows, and how headers affect caching, authentication, and browser security.
A practical guide to API and webhook integrations — request-response vs event-driven patterns, debugging API calls, inspecting webhook payloads, common integration mistakes, and the tools that make it faster.
A practical guide to debugging webhook integrations — common failure modes, step-by-step inspection workflows, logging strategies, and the tools that make it faster.
A step-by-step guide to diagnosing API request failures — from reading status codes and inspecting headers to reproducing errors with cURL and fixing CORS, auth, and payload issues.
Webhook senders retry on failure — your handler will receive the same event more than once. Covers how retries work, deduplication strategies, and how to design idempotent webhook handlers.