SShortSingh.
Back to feed

Dev Catches Silent Webhook Bug That Would Have Blocked Most Indonesian E-Commerce Payments

0
·1 views

A developer building a Midtrans payment integration for an e-commerce project discovered a critical bug in the webhook handler that would have silently failed all non-card transactions, including QRIS and bank transfers. The flaw stemmed from a fraud status check that required the value 'accept', while non-card payment methods can return a null fraud status since Midtrans' Fraud Detection System does not apply to them. In Indonesia, non-card methods typically account for the majority of e-commerce transactions, making the bug particularly impactful. The developer caught the issue by carefully re-reading official Midtrans documentation on transaction statuses and fraud detection after initially considering the code complete. The fix involved updating the condition to treat both null and 'accept' fraud statuses as valid for marking a payment as successful.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

Why C Compiler Error Messages Confuse Beginners and How to Read Them

C compiler error messages can be difficult to interpret, especially for beginners learning the language's strict syntax rules. When a wrong data type is used, such as assigning a string input to an integer variable, the compiler throws an incompatible type error. A particularly confusing case arises when a function from a missing header file is called — the compiler, unaware of the intended function, searches for the closest match in the available headers and suggests an alternative. This behavior can mislead programmers into thinking they made a typo rather than a missing include error. Understanding these patterns helps developers decode cryptic compiler messages and debug their code more effectively.

0
ProgrammingDEV Community ·

Vibe Coding With AI Agents: Fast Results, Real Risks, and Who Stays in Charge

A developer spent a weekend building a small project almost entirely by describing desired outcomes to an AI agent, with the agent writing, running, and debugging the code autonomously. Tasks that previously took two hours were completed in under ten minutes, and the speed allowed testing multiple approaches in the time it normally takes to set up one. However, the experiment revealed clear pitfalls: vague instructions produced poor code, and the AI occasionally generated clean-looking code that ran correctly but produced wrong results. The developer also noted a risk of losing oversight when the agent made rapid successive changes, making it easy to approve work without fully understanding it. The overall assessment was that AI-assisted coding is a powerful tool when the developer remains the decision-maker, but a liability when used as a substitute for understanding the code being shipped.

0
ProgrammingDEV Community ·

Three Observability Pillars Every LLM App Needs Beyond Standard APM Tools

LLM-powered applications require observability capabilities that go beyond traditional backend monitoring tools like logs, metrics, and HTTP status codes. A DEV Community post outlines three critical pillars for production LLM apps: distributed tracing that captures retries and provider fallbacks, real-time cost tracking that converts token counts into dollar spend per route or user, and evaluation loops that detect quality regressions before end users encounter them. Standard APM traces miss key LLM-specific signals, such as whether a successful 200 response was a cheap fast completion or an expensive frontier-model retry that produced a hallucinated answer. The author demonstrates implementation patterns using a multi-provider AI gateway built with Rust, Axum, and Prometheus, integrated with OpenTelemetry for trace backend compatibility. These principles are presented as stack-agnostic and applicable to any team moving an LLM application from demo stage into production.

0
ProgrammingDEV Community ·

One Developer Questions Whether Open-Source Tools Still Matter in the Age of AI

A developer behind multiple open-source tools, including PACX and several XrmToolBox plugins, is publicly wrestling with whether continuing to build and maintain community tools still makes sense. The question was prompted by a growing number of similar tools appearing online and the rise of AI, which lets individuals quickly generate custom solutions without learning someone else's software. In a reflective essay framed as a dialogue between two internal voices, the author examines whether open-source projects retain value beyond simple throwaway scripts. One perspective argues that AI has made small utility tools redundant, while the other pushes back by distinguishing between minor scripts and more complex, purpose-built tools. The author reaches no firm conclusion, but frames the exercise as a genuine attempt to decide how best to spend limited personal time.