Dashboard

Implemented OAuth 2.0 flow with PKCE for the authentication service. Refresh tokens are stored securely and rotated on each use. Access tokens expire after 15 minutes.

API rate limiting strategy: 100 requests per minute for free tier, 1000 for pro. Use sliding window algorithm with Redis for distributed rate limiting.

Database connection pooling: max 20 connections per worker. Connection timeout 30s, idle timeout 10m. Use pgBouncer for transaction pooling.

Webhook retry strategy: exponential backoff starting at 1s, max 1 hour. 5 retry attempts before marking as failed. Implement idempotency keys.

Vector embedding model: use text-embedding-3-small for cost efficiency. 1536 dimensions. Normalize vectors before storing. Cosine similarity for search.

React Query best practices: staleTime 5min, cacheTime 10min. Use optimistic updates for mutations. Implement proper error boundaries.

Git workflow: feature branches from main, squash merge, delete after merge. Require PR reviews and CI passing before merge.

Docker multi-stage builds: use alpine for final image, node:18-slim for build. Keep image under 100MB for faster deployments.

JWT token structure: header.payload.signature. Use RS256 for production. Store secrets in environment variables, never in code.

Monitoring setup: Grafana for dashboards, Prometheus for metrics, Loki for logs. Alert on 95th percentile latency > 500ms.