- Published on
Master PKCE (Proof Key for Public Clients) for JavaScript SPAs and mobile apps. Learn code verifier generation, state parameters, token storage, refresh flows, and scope design.
Authorization
All Posts
- nodejs (113)
- backend (113)
- system-design (97)
- reliability (61)
- devops (58)
- architecture (54)
- performance (45)
- typescript (40)
- databases (38)
- database (37)
- javascript (33)
- distributed-systems (33)
- security (26)
- automation (25)
- postgresql (25)
- python (24)
- scaling (23)
- kubernetes (21)
- machine-learning (18)
- data-analysis (17)
- microservices (17)
- web-development (16)
- nautal-language-processing (16)
- observability (14)
- llm (14)
- ai (12)
- caching (11)
- my-sql (10)
- api (10)
- testing (9)
- redis (9)
- authentication (8)
- kafka (8)
- monitoring (8)
- 2023 (7)
- react (7)
- frontend (7)
- production (7)
- postgres (7)
- reactjs (6)
- concurrency (6)
- sql (6)
- async (6)
- aws (6)
- next-js (5)
- guide (5)
- best-practices (5)
- clean-code (5)
- nextjs (5)
- python-function (5)
- deployment (5)
- message-queues (5)
- http (4)
- networking (4)
- python-functions (4)
- api-design (4)
- ci-cd (4)
- serverless (4)
- profiling (4)
- event-driven (4)
- migrations (4)
- tools (3)
- docker (3)
- tailwind (3)
- functions (3)
- logging (3)
- background-jobs (3)
- rate-limiting (3)
- gitops (3)
- bugs (3)
- time-series (3)
- jwt (3)
- scalability (3)
- vector-search (3)
- debugging (3)
- grafana (3)
- memory (3)
- refactoring (3)
- rag (3)
- rust (3)
- 2024 (2)
- productivity (2)
- middleware (2)
- async-await (2)
- trpc (2)
- open-source (2)
- express (2)
- rest-api (2)
- sse (2)
- asyncio (2)
- rest (2)
- optimization (2)
- streaming (2)
- argocd (2)
- resilience (2)
- queues (2)
- runtime (2)
- cdn (2)
- operations (2)
- analytics (2)
- aws-lambda (2)
- supply-chain (2)
- mysql (2)
- replication (2)
- read-replicas (2)
- graphql (2)
- orm (2)
- temporal (2)
- workflows (2)
- ebpf (2)
- messaging (2)
- event-sourcing (2)
- loki (2)
- infrastructure (2)
- terraform (2)
- zero-trust (2)
- cost-optimization (2)
- monorepo (2)
- turborepo (2)
- streams (2)
- integration-tests (2)
authorization (2)
- tracing (2)
- opentelemetry (2)
- embeddings (2)
- schema-design (2)
- indexing (2)
- incident-response (2)
- timescaledb (2)
- wasm (2)
- math (1)
- ols (1)
- git (1)
- github (1)
- hacktoberfest (1)
- hacksquad (1)
- holiday (1)
- canada (1)
- images (1)
- hooks (1)
- feature (1)
- writings (1)
- book (1)
- reflection (1)
- arrays (1)
- promises (1)
- closures (1)
- advanced (1)
- es2025 (1)
- ecmascript (1)
- server-actions (1)
- server-components (1)
- fetch (1)
- axios (1)
- reixo (1)
- nestjs (1)
- circuit-breaker (1)
- decorators (1)
- advanced-python (1)
- functional-programming (1)
- fastapi (1)
- langchain (1)
- openai (1)
- list-comprehensions (1)
- pandas (1)
- type-hints (1)
- typing (1)
- python-modules-and-packages (1)
- 12-factor (1)
- cloud-native (1)
- queue (1)
- quotas (1)
- cost-control (1)
- structured-output (1)
- json (1)
- pact (1)
- contract-testing (1)
- integration (1)
- api-gateway (1)
- compression (1)
- api-versioning (1)
- backwards-compatibility (1)
- eks (1)
- karpenter (1)
- node-management (1)
- bff (1)
- mobile (1)
- error-handling (1)
- bulkhead-pattern (1)
- isolation (1)
- bullmq (1)
- bun (1)
- global-distribution (1)
- cloudfront (1)
- chaos-engineering (1)
- clickhouse (1)
- olap (1)
- cockroachdb (1)
- distributed-sql (1)
- global-applications (1)
- multi-region (1)
- container (1)
- image-scanning (1)
- distroless (1)
- containers (1)
- cors (1)
- headers (1)
- cqrs (1)
- cron (1)
- connection-pooling (1)
- schema-changes (1)
- database-architecture (1)
- dataloader (1)
- dependencies (1)
- npm (1)
- deployments (1)
- traffic-shifting (1)
- distributed-locking (1)
- consensus (1)
- database-locks (1)
- ddd (1)
- domain-events (1)
- decoupling (1)
- drizzle (1)
- durable-execution (1)
- async-jobs (1)
- linux (1)
- edge-computing (1)
- cloudflare (1)
- vercel (1)
- elasticsearch (1)
- search (1)
- index-design (1)
- relevance (1)
- error-tracking (1)
- sentry (1)
- event-store (1)
- eventual-consistency (1)
- ui-patterns (1)
- consistency-models (1)
- consistency (1)
- fastify (1)
- feature-flags (1)
- a-b-testing (1)
- ml (1)
- github-actions (1)
- cd (1)
- prometheus (1)
- tempo (1)
- federation (1)
- apollo (1)
- grpc (1)
- protobuf (1)
- health-checks (1)
- helm (1)
- templating (1)
- ports-adapters (1)
- cassandra (1)
- dynamodb (1)
- idempotency (1)
- deduplication (1)
- payments (1)
- iac (1)
- cryptography (1)
- sessions (1)
- tokens (1)
- message-processing (1)
- keda (1)
- autoscaling (1)
- network-policies (1)
- resource-management (1)
- ops (1)
- cpu (1)
- secrets (1)
- vault (1)
- sealed-secrets (1)
- agents (1)
- tool-use (1)
- workflow (1)
- load-balancing (1)
- nginx (1)
- structured-logging (1)
- message-queuing (1)
- ordering (1)
- throughput (1)
- rabbitmq (1)
- sqs (1)
- async-processing (1)
- monolith (1)
- modularity (1)
- tech-debt (1)
- nx (1)
- multi-tenancy (1)
- saas (1)
- multimodal (1)
- vision (1)
- audio (1)
- nats (1)
- event-streaming (1)
- golang (1)
- neon (1)
- cluster (1)
- event-loop (1)
- flame-graphs (1)
- hardening (1)
- backpressure (1)
- vitest (1)
- worker-threads (1)
- oauth2 (1)
- pkce (1)
- openapi (1)
- documentation (1)
- metrics (1)
- distributed-tracing (1)
- jaeger (1)
- outbox-pattern (1)
- cdc (1)
- api-security (1)
- owasp (1)
- webauthn (1)
- passkeys (1)
- fido2 (1)
- penetration-testing (1)
- pgvector (1)
- semantic-search (1)
- vector-db (1)
- platform-engineering (1)
- backstage (1)
- developer-experience (1)
- jsonb (1)
- document-database (1)
- tuning (1)
- query-optimization (1)
- sharding (1)
- prompts (1)
- versioning (1)
- retrieval (1)
- chunking (1)
- clustering (1)
- failover (1)
- locks (1)
- saga-pattern (1)
- transactions (1)
- compensation (1)
- secrets-management (1)
- security-headers (1)
- csp (1)
- hsts (1)
- frontend-security (1)
- istio (1)
- service-mesh (1)
- slo (1)
- sli (1)
- sql-injection (1)
- orms (1)
- sre (1)
- runbooks (1)
- ssrf (1)
- network (1)
- migration (1)
- strangler-fig (1)
- legacy (1)
- infrastructure-as-code (1)
- state-management (1)
- testcontainers (1)
- partitioning (1)
- type-safety (1)
- build-tools (1)
- strict-mode (1)
- types (1)
- filtering (1)
- sandboxing (1)
- webassembly (1)
- webhooks (1)
- real-time (1)
- websockets (1)
- polling (1)
- zero-downtime (1)
- operational (1)
- mtls (1)
- zod (1)
- validation (1)
- Published on
Deep dive into OWASP API Security Top 10 vulnerabilities with production-ready fixes: BOLA, broken auth, data exposure, rate limiting, function level auth, and more.