The Daily
A note a day on APIs and the realities of shipping web applications. Stuff I've actually learned across 25 years of doing the work.
WorkOS: Adding SSO Without Becoming an Identity Company
SSO used to mean weeks of SAML hell. WorkOS changed that calculus — here's what it actually looks like to integrate it.
The last time I integrated enterprise SSO from scratch, I lost two weeks of my life to SAML XML parsing, metadata endpoint confusion, and a client's IT department who couldn't explain why their IdP was returning assertions with the wrong format. WorkOS made that problem mostly disappear — and I want to be specific…
Read the daily →Tailscale Changed How I Think About Network Security
After running traditional VPNs for years, Tailscale quietly shifted my entire threat model. Here's what that actually means in practice.
I've been running VPNs for distributed teams since the OpenVPN days, and I thought I understood the threat model pretty well. Then I spent a weekend migrating NWOS infrastructure to Tailscale and realized I'd been solving the wrong problem for fifteen years. What You Think You're Doing With a VPN The classic VPN story…
Read the daily →Brevo SMTP: SPF, DKIM, and DMARC in 15 Minutes
Brevo's SMTP setup is fast, but if you skip the DNS records, your emails land in spam. Here's exactly what to add and why.
Most developers treat email authentication as an afterthought. They wire up SMTP credentials, send a test, see it land in inbox, and ship. Then two weeks later a client calls because their invoices are going to spam. I've lived that call more than once. Brevo (formerly Sendinblue) is my current go-to for transactional…
Read the daily →Streaming Claude Responses in PHP: What Actually Works
Streaming from the Claude API in PHP is doable, but the path there has some real gotchas. Here's what I learned shipping it in production.
Streaming LLM responses is one of those features that looks trivial in Python demos and turns into a two-day detour in PHP. I integrated Claude's streaming API into a Laravel app for a document-review tool last year and came out the other side with a working pattern — and a list of things that will quietly destroy you…
Read the daily →Why Your DBA Hates Your PostGraphile-Generated Queries
PostGraphile is genuinely impressive until you look at what it's actually sending to Postgres. Here's what surprised me.
PostGraphile is one of those tools that feels like a cheat code the first time you point it at a Postgres schema and get a fully typed GraphQL API in under a minute. Then you go to production and your DBA — or in my case, me wearing the DBA hat — starts looking at and has a very bad afternoon. I want to be clear: I…
Read the daily →