SShortSingh.
Back to feed

Bondify verifies Telegram logins locally via HMAC, eliminating third-party API round-trips

0
·1 views

Bondify is an authentication service that lets servers verify Telegram-based logins without making a network call back to Bondify's API. Instead of querying a remote endpoint, the system issues a signed JWT proof using HS256, where the signature is generated with a shared webhook secret known only to the developer's server and Bondify. When a user confirms login through a Telegram bot, the resulting proof can be validated locally with a single cryptographic check using any standard JWT library. This approach means login verification latency depends solely on the developer's own infrastructure, and previously confirmed sessions remain verifiable even if Bondify experiences downtime. A single webhook secret manages both proof verification and webhook signature validation, reducing secret management overhead for developers.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

How Unplanned Work Derails Engineering Sprints and Strategies to Manage It

Unplanned mid-sprint requests — from urgent bug fixes to ad-hoc stakeholder demands — are a leading cause of missed deadlines and developer burnout in software teams. The core problem is not just lost time but the productivity cost of context switching, where a brief interruption can consume far more than the task itself requires. Experts suggest designating one team member per sprint as a dedicated handler for urgent issues, shielding the rest of the team from disruption. Teams are also advised to reserve a 20% capacity buffer for unplanned work and to log every request exceeding 15 minutes as a formal ticket for visibility. Without tracking how much unplanned work a team regularly absorbs, sprint planning will consistently over-commit available capacity.

0
ProgrammingDEV Community ·

Developer Automates Weekly Product Data Tracking Using n8n Scraper Workflow

A developer writing for DEV Community built an automated web scraping workflow using n8n to eliminate three to five hours of manual product data collection each week. The workflow uses a scheduled trigger, HTTP Request nodes, and CSS-selector-based HTML extraction to pull product names, prices, and availability from target pages every morning. Extracted data is automatically logged into Google Sheets with timestamps, while a conditional node sends Slack alerts only when values change between runs. The developer chose n8n over alternatives like Zapier, Make, and custom Python scripts for its open-source, self-hostable model and visual workflow editor. The article also emphasizes ethical scraping practices, including checking robots.txt, setting request delays, and mimicking standard browser behavior.

0
ProgrammingDEV Community ·

How a Structured Review Framework Replaced 'Looks Good to Me' With Real Verdicts

A software engineer reflects on years of approving pull requests based on intuition rather than systematic requirement verification. Using a structured review phase that assigns verdicts — covered, partial, or missing — to each requirement, they discovered that working code does not always mean a requirement is fully satisfied. In one case, a notification scheduler routed calls through a queue in a way the original requirement never anticipated, prompting a 'pass-with-risk' recommendation rather than a simple approve or reject. The engineer argues that 'pass-with-risk' is not a failure verdict but a transparent handoff that names known uncertainties for downstream testing. The experience led them to conclude that traditional code review often mistakes a general impression of correctness for an actual evidence-based verdict.

0
ProgrammingDEV Community ·

FlutterFlow Lets Vibe Coders Build Native Mobile Apps Without Writing Code

FlutterFlow is a visual, low-code platform founded by ex-Google engineers that lets users build native mobile applications through a drag-and-drop interface without writing code directly. Unlike AI vibe-coding tools such as Cursor or Claude, which generate code via chat prompts, FlutterFlow automatically produces clean Flutter code in the background as users design visually. A developer recently attended a FlutterFlow workshop and used the platform to build a Dev.to-style mobile app, highlighting how it lowers the barrier for non-coders to ship real apps. The platform supports deployment across phones, tablets, and computers, and gives developers full ownership of the generated Flutter codebase. With mobile development traditionally requiring large teams and long timelines, FlutterFlow is being positioned as a faster, more accessible alternative for builders looking to move from web to native apps.