Codify SaaS Blog
Code-first guides and deep dives on building B2B SaaS products, designing APIs, scaling web apps, and modernizing legacy software.

Idempotency in SaaS APIs — How to Make Your Endpoints Safe to Retry
Idempotency is the difference between a network timeout that costs you a customer and one you never notice. Here is a complete API idempotency implementation for NestJS — idempotency keys, database deduplication, interceptors, race condition handling, and testing — so your endpoints are safe to retry.

API Versioning Strategies — How We Handle Breaking Changes Without Breaking Client Integrations
The breaking change that broke a client's integration at 2am taught us everything about API versioning. Here is how we handle URL and header versioning, deprecation timelines, NestJS versioned controllers, and database migrations across API versions.

GraphQL vs REST for SaaS APIs — A Decision We Made for a Real Project
A client specifically requested GraphQL for their SaaS dashboard. Here is exactly how we evaluated GraphQL vs REST, what we chose, the @nestjs/graphql implementation, DataLoader, auth resolvers, and the things GraphQL made harder.

REST API Design Mistakes We Made on Our First SaaS and How We Fixed Them
We made every REST API design mistake you can make building a SaaS. Verbs in URLs, no versioning, no pagination, no idempotency, no rate limiting — and we fixed them all. Here is exactly what we changed and why.

How to Build a Public Developer API for Your SaaS — Documentation, SDKs and Sandbox
A public developer API is the difference between a SaaS that third-party developers can integrate with in hours versus weeks. Here is how we build them — OpenAPI docs, sandbox environments, auto-generated SDKs, developer portals, rate limiting tiers, and abuse handling.

Stripe Subscription Billing in NestJS — Complete Implementation With Webhooks
A quarter of your SaaS churn is billing failures, not product problems. Here is a complete Stripe subscription billing implementation in NestJS with every critical webhook event handled — checkout, invoices, failed payments, plan changes, cancellations, and dunning.

How to Integrate Third-Party APIs Reliably — Patterns We Use to Handle Failures
Third-party API integrations fail at the worst possible time. Here are 7 reliability patterns we use in production — timeout, retry, circuit breaker, fallback, abstraction, monitoring, and testing — with full NestJS code.

How to Implement API Key Authentication in NestJS for Your SaaS
JWT auth works for your own users. API key auth works for everyone else's servers. Here is how we built a production-grade API key system in NestJS — generation, hashing, scopes, rotation, rate limiting, and a management UI.

NestJS Rate Limiting — 4 Production Strategies With Full Implementation Code
We did not have rate limiting on our first public API. We learned why that was a mistake when a client's integration loop sent 50,000 requests in 12 minutes and the database fell over. Here are the 4 strategies that fixed it.

JWT Authentication in NestJS With Refresh Tokens — Production Implementation
I shipped a single-token JWT auth system once. It worked until I realized that if the token was stolen, I had zero options — no revoke, no rotate, just watch and wait for the 24-hour expiry. Here is how to do it right in NestJS.

OAuth2 Social Login in NestJS — Google, GitHub, and LinkedIn With Passport.js
Setting up one OAuth provider is copy-paste work. Setting up three — Google, GitHub, LinkedIn — with account linking and token lifecycle management is where the real engineering starts. Here is the exact implementation we use.

OWASP Top 10 for SaaS APIs — How We Audit Our Own Code
We run a security audit before every client launch. Here is the exact checklist we use — the eight OWASP Top 10 vulnerabilities that matter most for SaaS APIs, with NestJS code-level fixes for each one.