This Dot Blog

This Dot provides teams with technical leaders who bring deep knowledge of the web platform. We help teams set new standards, and deliver results predictably.

Tags: Software Engineer
Systemized Problem Solving in Engineering Leadership Using Data with Ankur Jain

What is it like to transition from technologist to Fractional CTO? How much do systems matter when operating at the C Level? Ankur Jain, Fractional CTO and Founder at Sprout, discusses the transition from being a technologist to a fractional CTO, and how to define and meet engineering KPIs. He emphasizes the significance of systemizing and design thinking in problem-solving, stressing the need to understand customer needs and deliver effective solutions. By adopting a systematic approach, businesses can effectively identify and address customer needs. Design thinking, on the other hand, encourages a human-centered approach to innovation, ensuring that technology solutions are not only functional but also user-friendly. Ankur's insights remind us that successful technology implementation requires a deep understanding of customer pain points and a commitment to delivering effective solutions. In an era where data is abundant, Ankur emphasizes the value of making data-driven decisions. However, he cautions against relying on biased data, which can lead to flawed conclusions. He advises businesses to carefully analyze and interpret data, ensuring that it aligns with the goals and objectives of the organization. By leveraging data effectively, businesses can gain valuable insights, make informed decisions, and drive growth. Ankur highlights the significance of ensuring product-market fit by closely collaborating with early customers. By actively involving customers in the development process, businesses can gain valuable feedback and insights, ensuring that their products or services meet the needs of the target market. Ankur's emphasis on customer collaboration serves as a reminder that successful technology implementation requires a customer-centric approach, where the end-users' needs and preferences are at the forefront of decision-making. Ankur advocates for mentorship and continuous learning in leadership roles.
He emphasizes the value of seeking guidance from experienced professionals and gradually growing within organizations. His insights remind us that leadership is a journey of growth and development, and that embracing mentorship and continuous learning can help individuals navigate the complexities of technology leadership more effectively. Download this episode here....

Revolutionizing Pharma using Cutting-Edge Digital Innovation with Lee Dash

Lee Dash, SVP of Digital Innovation at Medistrava, sheds light on the pivotal role of user experience (UX) within pharmaceuticals. Lee underscores the importance of effectively delivering scientific content to healthcare professionals and the inherent challenges in innovating UX within an industry steeped in traditional systems. This episode navigates the complexities of adapting user-friendly interfaces to pharmaceutical contexts and the ongoing endeavors to elevate UX. Lee stresses the significance of optimizing the content supply chain and user testing to ensure a seamless user experience. In an arena where scientific information holds paramount importance, presenting it in an easily accessible and comprehensible manner for healthcare professionals is essential. By integrating user feedback and conducting thorough testing, pharmaceutical companies can refine their digital platforms to meet the diverse needs of stakeholders, encompassing medical science liaisons, patients, researchers, and physicians. A notable takeaway from the dialogue is the necessity for customized solutions tailored to the distinct requirements of various stakeholders within the pharmaceutical industry. Each faction possesses unique needs and preferences concerning the access and utilization of scientific content. By comprehending these specific needs, pharmaceutical entities can develop user-friendly interfaces that resonate with the preferences of each stakeholder group. This approach not only enhances user experience but also bolsters the overall efficacy of digital platforms. Lee Dash shares the significance of assembling a versatile development team equipped with multifaceted skills. In an industry characterized by rapid evolution, having a team capable of adapting to shifting technologies and user expectations is imperative. Additionally, Lee talks about the importance of infusing technical acumen into leadership teams. 
By cultivating leaders well-versed in the technical intricacies of digital innovation, pharmaceutical companies can drive efficient and effective development processes. Download this episode here....

Transforming Platform Engineering Through Chargeback Programs with Shuchi Mittal

Shuchi Mittal, the Head of Cloud enablement at Honeywell, discusses how she as a leader in platform engineering has been able to transform internal platform engineering teams at other organizations by providing teams with value-added services, and how they effectively managed costs. She talks about how to treat these teams as customers, and delivering services that meet the customer needs, but also charging them for their usage. By providing policy-compliant infrastructure and unique services tailored to their requirements, platform engineering teams can showcase their commitment to supporting the success of other teams within an organization. This approach not only fosters trust but also positions platform engineering as a strategic partner rather than just a service provider. By going beyond the basic infrastructure provisioning, the platform engineering team can offer services that help development and product teams streamline their processes and improve efficiency. Shuchi shares her work at Fiserv where she implemented a chargeback system to track usage and costs effectively, incentivizing better development practices. This not only helped in managing costs but also encouraged teams to optimize their resource utilization, leading to improved overall efficiency and more easily scalable systems. Her platform engineering team recognized the importance of effectively managing financial aspects to secure upfront investment for product development. By implementing a billing system based on gigabyte hours, they aligned costs with usage, enabling teams to have a clear understanding of their resource consumption. This approach not only provided transparency but also incentivized teams to adopt cost-effective practices. By strategically managing financial aspects, the platform engineering team gained the trust of stakeholders and secured the necessary resources to drive innovation and deliver value to the organization. 
Shuchi’s journey of platform engineering serves as a valuable example of how a team can transition from being a basic service provider to becoming an innovation partner within an organization. By building trust, offering value-added services, and strategically managing financial aspects, the platform engineering team successfully elevated their role and became a strategic enabler of innovation. Download this episode here....

The People Pillar Mental Model of Management with Hima Pingili

Hima Pingili, VP of Data and Software Engineering at Cipherhealth, discussed the pivotal role of the "people pillar" engineering leadership mental model. She underscored the significance of investing in team members and offering transparent feedback to facilitate their growth, emphasizing that investing in people significantly contributes to job satisfaction and retention. Hima also elaborated on the importance of establishing individual goals, fostering continuous feedback loops, and promoting collaboration as essential elements for team success. A key takeaway from the interview was the emphasis on developing team members. Hima stressed the value of investing in people's growth, even if its impact isn't immediately measurable. By providing avenues for advancement and skill enhancement, leaders can enhance job satisfaction and retain top talent within their teams. This focus on the "people pillar" is fundamental for constructing a thriving engineering team. Hima highlighted the necessity for systematic, data-driven feedback that offers actionable insights for individual improvement. Through consistent feedback mechanisms and clear goal setting, leaders can empower their team members to evolve and realize their full potential. Building trust through open communication and regular feedback is essential for nurturing a positive and productive work atmosphere. Lastly, Hima underscored the profound impact of effective management on employee retention and the importance of tailored growth opportunities. Acknowledging and addressing employees' needs is crucial for fostering enduring relationships and organizational prosperity. By prioritizing the growth and development of team members, leaders can cultivate a supportive and collaborative environment conducive to job satisfaction and sustained success. Download this podcast episode here....

Are Product Roles Going Away? with Maggie Pint

Maggie Pint, Engineering Manager at Istari, discusses the trend for companies to focus on streamlining their processes and reducing complexity to deliver products faster and more efficiently versus spending time on innovation this past year. This trend has led to the convergence (maybe consolidation) of product management and engineering roles, where engineers are not only responsible for building the product but also for shaping its strategic direction. Maggie and Tracy discuss whether this is good for the business, or something that should be more concerning to watch out for. Maggie talks about design in the product role and emphasizes the significance of design beyond aesthetics. It's not just about making things look pretty; it's about understanding user needs and creating intuitive experiences. User research skills and customer engagement are becoming essential for engineers, as they need to build products that truly resonate with their target audience. They talk about how companies like Airbnb and Apple are leading the way in this regard, and about the successful integration of design thinking into their engineering processes, resulting in innovative and user-friendly products. By involving engineers in the entire product development lifecycle, from ideation to delivery, these companies are able to create seamless experiences that delight their customers. Download this episode and listen now!...

Optimizing for Tangible Business Outcomes in Engineering with Nael Alismail

Nael Alismail is the Head of Engineering at ImagineX and shares his insights on the challenges of balancing innovation with constraints, navigating technology choices, and aligning engineering efforts with tangible business outcomes. Nael's pragmatic approach underscores the importance of understanding business goals, making strategic technology decisions, and fostering a culture of iterative development. Download this episode here....

How Vim Transformed My Workflow for the Better

Discover how diving into Vim transformed my coding workflow...

Software Team Leadership: Risk Taking & Decision Making with David Cramer, Co-Founder & CTO at Sentry

In this episode of the engineering leadership series, Rob Ocel interviews David Cramer, co-founder and CTO of Sentry, delving into the importance of decision-making, risk-taking, and the challenges faced in the software engineering industry. David emphasizes the significance of having conviction and being willing to make decisions, even if they turn out to be wrong. He shares his experience of attending a CEO event, where he discovered that decision-making and conflict resolution are struggles even for successful individuals. David highlights the importance of making decisions quickly and accepting the associated risks, rather than attempting to pursue multiple options simultaneously. He believes that being decisive is crucial in the fast-paced software engineering industry. This approach allows for faster progress and adaptation, even if it means occasionally making mistakes along the way. The success of Sentry is attributed to a combination of factors, including market opportunity and the team's principles and conviction. David acknowledges that bold ideas often carry a higher risk of failure, but if they do succeed, the outcome can be incredibly significant. This mindset has contributed to Sentry’s achievements in the industry. The interview also touches on the challenges of developing and defending opinions in the software engineering field. David acknowledges that it can be difficult to navigate differing viewpoints and conflicting ideas. However, he emphasizes the importance of standing by one's convictions and being open to constructive criticism and feedback. Throughout the conversation, David emphasizes the need for engineering leaders to be decisive and take calculated risks. He encourages leaders to trust their instincts and make decisions promptly, even if they are uncertain about the outcome. This approach fosters a culture of innovation and progress within engineering teams. 
The episode provides valuable insights into the decision-making process and the challenges faced by engineering leaders. It highlights the importance of conviction, risk-taking, and the ability to make decisions quickly in the software engineering industry. David's experiences and perspectives offer valuable lessons for aspiring engineering leaders looking to navigate the complexities of the field....

Tech Turnarounds and Unveiling Health Tech's Potential: Insights from Fractional C-Suite Executive Denise Smith

Tracy Lee sits down with Denise Smith, an accomplished fractional C-suite executive specializing in technology turnarounds, mergers, and acquisitions. In this conversation, they explore the world of health tech, and discuss the critical role engineering leaders play in understanding and navigating the financial aspects of their businesses. Denise’s journey into the tech world began with a degree in chemistry from Spelman College. She found her niche in technology by coding SQL databases and working on Y2K projects. This pivot marked her entry into technology consulting and set the stage for her career in the industry. Her current role involves being a fractional C-suite executive, such as a CTO, CEO, or COO, for companies in need of turnaround expertise or support during mergers and acquisitions. The Exciting Landscape of Health Tech: Denise's specialization in health tech offers her unique insights into the convergence of technology and healthcare. She highlights the opportunities to leverage technology to help people thrive in the digital age, focusing on digital equity and how solutions can empower populations to access vital information quickly. In the context of health tech, technology can play a crucial role in aiding first responders during emergencies and improving overall response times. Pivoting and Adaptation in the Face of Challenges: The interview explores the impact of the COVID-19 pandemic on tech companies, particularly those focusing on COVID-related solutions. Denise acknowledges that many companies faced challenges when the immediate need for their products diminished as the pandemic situation improved. She emphasizes the importance of pivoting business strategies to discover new opportunities and income streams. Denise's role often involves analyzing customer segments and generating product roadmaps to drive revenue growth. 
Guiding Principles for Successful Leadership: Denise's expertise extends beyond technology to financial literacy and leadership strategy. She emphasizes the significance of engineering leaders understanding their company's financials, such as customer acquisition costs and customer long-term value. This knowledge empowers leaders to make informed decisions and contribute to the overall growth and success of the business. Additionally, she stresses the importance of empathetic leadership and fostering a positive company culture during times of change and adaptation. Unexpected Paths to Leadership Success: One of the standout aspects of the interview is Denise's recommendation to explore unconventional routes for leadership development. She shares her experience with the BLCK VC program (Black Venture Capital), which exposed her to venture funding and financial insights that significantly impacted her leadership journey. Denise's story underscores the value of embracing unique learning opportunities that broaden leadership skillsets. Denise Smith's insightful interview provides valuable takeaways for engineering leaders seeking to navigate business challenges and drive growth. From understanding financial metrics to fostering empathy and embracing non-traditional learning experiences, her journey and expertise offer a refreshing perspective on the intersection of technology, leadership, and business success....

Avoiding Burnout for Remote Teams: A Software Engineer's Guide

Pull up a chair, my fellow coders, team leads, and everyone working from a desk in their pajamas. Let's talk about something that's been buzzing around like an annoying fly we've been trying to swat: burnout. Yeah, we all know what I'm talking about. The long hours, the lack of sunlight (my plant is getting a better tan than me - just kidding, I don't have a plant), the never-ending to-do list, and the work-life balance hanging by a thread. If you're nodding along, then you're in the right place. In this piece, we'll navigate the maze of remote work and uncover ways to keep that nasty burnout at bay. And I promise there won't be any code debugging here, just some light-hearted yet meaningful advice coming your way. Ready to dive in? Awesome, let's get started! Setting Clear Boundaries Working from home has its perks. No commute, comfortable attire, and flexible hours. But let's get real. The downside is that work can become a 24/7 gig if you aren't careful. My living room turned office, turned dining room, makes me feel like I'm always on duty. So how do we fight this? We do what we do best. We set some boundaries. Defining a workspace is essential, even if it's just a corner of the room. This physical boundary tells your brain "I'm in work mode now." Trust me; your brain will thank you for it. Next comes the schedule. I'm not talking about planning every minute of your day, but having a structured work schedule is crucial. Have a defined start time, breaks, and, most importantly, a shutdown time. And let me tell you, this shutdown time is non-negotiable. Like the last slice of pizza at a party, you don't touch it, and I've got to admit, I struggle with it, but I am working on it. Asynchronous Communication With a team spread across the globe, synchronicity is a luxury we can't afford. We've got people working from their night to match our day, and that's just not fair. What can we do about this? Embrace asynchronous communication. 
Let's do away with the pressure of immediate responses. People can respond in their time, respecting their work hours. And let's be honest, most of our communication doesn't need instant answers. Time differences are not villains but part of our remote work reality. Results Over Hours A common misconception about remote work is that "the more hours I work, the more productive I am." Well, that's as far from the truth as I am from my next vacation. The focus should be on results, not hours clocked in. Set realistic goals and trust your team to manage their time effectively. This trust is essential for a remote team. After all, we don't have someone peeping over our shoulder, making sure we're working. Or at least I hope not! Mental Health Support Mental health: the elephant in the room. Why do we tip-toe around it? Stress, anxiety, and burnout are real, and they're here. It's high time we address them. Resources like Employee Assistance Programs, mindfulness apps, and virtual fitness classes are excellent support systems. But they're not magic potions. They need regular utilization, and we need to make our team comfortable with seeking help. Let's make it our strength, not a weakness. Regular Breaks Do you know what's the quickest way to burnout? Working without breaks. I know we've all been guilty of it at some point. But let's change that. Taking breaks is not a luxury; it's a necessity. Short walks, quick exercises, or just stepping away from the screen can do wonders. I even tried the Pomodoro technique, and it's a game-changer. Another thing you could do is schedule lunch breaks in your calendar so your colleagues know when not to try to reach you. You can additionally set your focus times in your calendar so that you can maximize your time in flow state without interruptions. Prioritize Effective Communication Communication. It can make or break a remote team. Without physical cues, messages can be easily misinterpreted. 
Open, transparent, and empathetic communication is the solution. Regular check-ins and feedback sessions also help keep things running smoothly. After all, we're a team, and teams need to talk! Training and Development Boredom is a silent killer in remote work. And the best defense is learning. Offering training and development opportunities enhances skills and breaks the monotony. Who would want to learn something other than a new language or skill? Plus, it aligns with our long-term career goals. It's a win-win situation. Time Off I can't stress this enough. Time off is essential! We need to recharge, relax, and rejuvenate. Encourage your team to disconnect during their time off fully. Trust me; the world will only end if we check our emails for a few days. I tried it, and I'm still here! Empathy and Flexibility Last but not least, empathy and flexibility. Everyone's situation is different. Let's show understanding for those juggling childcare, living in different time zones, or dealing with personal issues. Let's be leaders who are empathetic and flexible. Conclusion In the world of remote work, prevention is better than cure. And the prevention of burnout comes with boundary setting, asynchronous communication, focus on results, mental health support, regular breaks, effective communication, continuous learning, time off, and empathy. With these in place, we can navigate the remote work culture while keeping our sanity intact. So let's dive in, shall we?...

Effective Communication Strategies Within The Software Development Organization

Have you ever been in a situation where you thought you were communicating effectively, only to realize later that the other person misunderstood what you were saying? Have you ever communicated with someone only to hear that they felt you provided way too much detail, or that you didn’t provide nearly enough detail? Communication in the workplace is how ideas, updates, directions, etc are transferred to others. Each party in a software development organization has differing needs and expectations when it comes to workplace communication. By learning to tailor your communication to meet the needs of each stakeholder, you can become a more effective communicator and achieve greater success within your organization. The requirements of various parties that you interact with in the workplace can vary wildly depending on several factors. Your awareness of these individualized communication preferences and how you can give each party what they want and need will impact your effectiveness in your daily activities, your perception by others, and even your upward mobility within the organization. That's the power of communication, and why it's so important to master effective communication strategies in the workplace! In this article, we'll explore the different types of stakeholders in a software development organization, the communication strategies that work best for each group, and how effective communication can help you advance your career in the industry. We'll start by discussing the difference between “communication” and “effective communication”, before diving into the different types of stakeholders in a software development organization. Then, we'll explore the communication strategies that work best for each group, and provide actionable tips for improving your communication skills. Communication vs. 
Effective Communication When it comes to communication, it's important to remember that the intended message is only effective if it's received and understood by the recipient, regardless of their background or level of familiarity with the topic. Effective communication is about sharing thoughts, ideas, opinions, knowledge, and data in a way that ensures that the message is received and understood by the recipient. With effective communication, the sender and receiver leave the exchange feeling satisfied. There is a shared understanding of what was intended to be transmitted by the sender. Stakeholder Types In any organization, you have many different types of parties involved in a software project. Let's group the parties involved in software development into three categories for the sake of clarity: - Development Team - This consists of individual contributors, project managers, scrum masters, QA testers, UX designers, UI designers, architects, etc. - Product Team - The product team is made up of a diverse group of individuals, including product owners, business analysts, architects, and more. - Executive Team - CTO, CEO, etc. Each of these parties requires a different type of communication, a different level, and has different needs from your interactions to allow you to provide value from what you are saying and for them to view you as an effective communicator. Let’s talk a bit about what each of these parties needs, and how you can interact with them in the most meaningful way possible. Development Team This is the most detailed version of the interaction. This group needs to be communicated with on the level of individual tickets and the details of those tickets. When interacting with the development team, it's important to focus on the nitty-gritty details of each task, ensuring that everything is sorted through meticulously. With this group, we will sort through specific implementation details.
An example of interaction with someone from this group might look like this, “I am currently working on ticket 473, and trying to get the checkbox to behave correctly during testing. I have no blockers currently.” Product Team This group will be communicated with at the level of features and larger increments of work such as project milestones. This group is interested in chunks of a project, milestones, progress on the overall initiative, etc. An example of interaction with someone from this group might look like this, “The team is wrapping up development of the new Project X User Interface and will be moving to the implementation of the functionality next”. Executive Team This group is interested in the conversation at the highest levels of abstraction. Generally, they will be more concerned with things at the overall project level. When updating the executive team, it's important to provide high-level updates that summarize progress and focus on next steps. For example, you might say, 'We're making great progress on Showcase X and are on track to complete it soon. Next, we'll be shifting our attention to project Y.' Types of Communication What are some of the types of communication? It’s a great question. When you begin to study various communication styles, you will read about different personality types, and how those personalities interact with the world around them. You might hear things like aggressive, passive-aggressive, passive, and assertive communication styles. While understanding these can help you communicate effectively, we will focus on how different roles in a company require different levels of detail and specificity in their interactions. Your Natural Communication Style We all have a natural way that we prefer to communicate. Some are very direct and assertive. We might tend to be very to the point, with no filler, no fluff. Others might naturally tend to be more verbose, to fill in lots of details and context and information. 
Some naturally meet somewhere in the middle on the spectrum of detail vs direct higher-level type of communication. There is no right or wrong answer, but you must be aware of your natural tendencies in conversation, and know how to use those effectively, or tailor your communication style to a specific situation or audience. Benefits of Tailored Communication What are the benefits of tailored communication? The primary benefits of tailoring your communication to different stakeholders are that you can provide each person with what they want and need in a way that resonates with them. For instance, I once had to adapt my communication style when working with a highly detail-oriented developer who preferred a more granular level of communication. This eases the amount of effort required by the other party to understand you, and allows them to be more effective in taking your message forward. It increases the perception of your effectiveness, and credibility in their eyes as well. If people know that you are someone who can communicate with multiple parties with varying interests and needs, and do so effectively, you will be trusted with more responsibility, and be given more opportunities. Using Effective Communication To Advance Your Career As you can see, developing effective communication skills is a powerful way to advance your career in the software development industry. How have you seen effective communication impact your work? People who are seen as effective communicators have staying power in an organization. They are viewed as competent and necessary. They are given positions of authority and trusted to get things done. I remember that, when I was just starting out in software development, I struggled to communicate effectively with stakeholders at different levels of the organization. But over time, I learned the value of tailoring my communication to each person's unique needs, and it has paid off in my career in countless ways. 
Basic Strategies For Improving Your Communication Know your audience When preparing for a presentation or conversation, it's essential to consider your audience and tailor your communication style to their needs. What are some strategies you use to ensure your message is received and understood? Write notes in advance, when possible Draw an outline or even the bulk of what you need to deliver before the time comes. Even if you don’t ultimately use these notes directly, preparing them will help you to distill your thoughts and clarify your message, as well as review that they have the appropriate amount of detail for the intended audience. Practice your delivery Though you will not always be giving a speech, talking through what you plan to say will help you to see gaps, smooth the flow, and make sure that you are comfortable with the material you will be presenting or communicating. Conclusion In this article, we learned about the importance of effective communication, strategies for improving your communication, and the direct and indirect positive impacts these improvements can have on your effectiveness and value in the organization. We explored various strategies and approaches to improve communication. Development in this area can yield amazing results for you as you make the investment to improve your skills. We hope you enjoyed this article, and found it helpful. If you have any questions please feel free to join the discussions going on at starter.dev or on our Discord....

How to Set Up OAuth with a Stripe App

Stripe Apps are a great way to extend Stripe dashboard functionality using third-party integrations. But when using these integrations, developers must prioritize security. The best way to do this is by using OAuth with the third-party product with which you would like to integrate. However, there are some constraints: we cannot use cookies to set up cookie-based authentication on the front-end alone. In this article, we would like to show you how to do it with a NestJS back-end.

Stripe signatures

The best way to secure your API is by making sure that every request comes from a verified Stripe App instance. The @stripe/ui-extension-sdk package provides a way to generate a signature on the front-end side. This signature is valid for 5 minutes, and you can send it as a header for every request you make. For this to work, you need to have @stripe/ui-extension-sdk installed in your repository.

In order to properly validate this signature on your API, you will need some additional information to be sent in the request headers as well. That information is the Stripe user's ID and the Stripe account's ID. We found that the best way is to implement a global context with this information.

The above context stores the ExtensionContextValue that gets passed from the Stripe dashboard to the app when it opens in the view. For example, if you are on a payment detail page, the userContext will contain information about your Stripe user, while the environment will provide you access to the object that you are viewing. In the above example, that would be the payment's ID as the objectContext.id property. Let's set up the view with this global context.

Now, we can set up a hook to provide a proper fetch method that always appends a Stripe signature, and the other required fields, to the headers.

useFetchWithCredentials hook

In order to make our future job easier, we need to set up a hook that creates a proper wrapper around fetch.
That wrapper will handle setting the headers for us. It needs to have access to our GlobalContext, so we can get the IDs of the Stripe user and their account.

Let's set up a very basic component for demonstrating the use of the useFetchWithCredentials hook. This component will be the default route for our app's navigation wrapper. It is going to handle more later. But for now, let's just implement a basic use for our hook. The AUTH_INIT_URL constant will point at our back-end's /api/oauth/userinfo endpoint. Please note that, for this to work, you are going to need to install react-router-dom.

As we can see from the above implementation, this component will be the initial component that gets rendered inside of the application. It will send out a request to determine if the user is logged in. If they are logged in, we are going to send them to a route that is the first page of our application. If they are not signed in, we are going to redirect them to our login page. This initial call, just like every other API call, must be verified and always have a Stripe signature. Let's visualise what routing looks like right now:

Stripe secrets and the Stripe API

In order to be able to use the Stripe NodeJS API, you will need two secrets from Stripe. One is your Stripe account's API key, and the other one is your Stripe app's secret. You need to set up your .env file as follows.

Stripe API key

You can find your Stripe API key at https://dashboard.stripe.com/apikeys, under the Standard keys section. The key you are looking for is called Secret key, and you need to reveal it by clicking the button that hides it.

Stripe App Secret

For this key, you are going to need to upload your Stripe app using the stripe apps upload command. Make sure that you set a development app ID in your app manifest (stripe-app.json). After you have uploaded your app, visit https://dashboard.stripe.com/apps. Under My Apps, you should see your uploaded application.
Open it and search for the Signing secret. Reveal it and copy it into your .env file.

Stripe NodeJS API

Please make sure you have installed the stripe npm package for your server code. In this example series, we use NestJS as our framework for our API. We need the above two secret keys to be able to start up our Stripe API.

NestJS VerifySignatureInterceptor implementation

In NestJS, we can use interceptors to abstract away repetitive logic that needs to be done on multiple requests. In our case, we need to check almost every API request for a valid Stripe signature. We have access to the proper secret keys, and we have a Stripe NodeJS API set up. Let's create our VerifySignatureInterceptor.

Every interceptor must implement the intercept() method. We extract the Request object from the execution context, and we get the headers that we previously set in our useFetchWithCredentials hook. We call our verifySignature function, which will throw errors if the signature is invalid. We also pass the Logger instance, so we can determine when an error comes from this interceptor in our logs. Please be aware that there are several reasons signature verification can go wrong, like if we provide the wrong Stripe account keys or app secrets. In order for you to be able to easily debug these issues, proper logging is a must. That is why we set up a Logger instance in our interceptor.

If the user_id, account_id, or the signature are missing, that could mean that the request came from outside a Stripe application, or the useFetchWithCredentials hook was not used. We throw a BadRequestException that will result in the request sending back a status: 400 HTTP response. If the signature verification fails, that could mean that an invalid signature was used in the request, or that the API environment variables might have the wrong keys.

Set up the userinfo endpoint

Let's quickly set up our /api/oauth/userinfo endpoint.
For that, we are going to create the OauthModule and the OauthController.

In our controller, we decorate our getUserInfo() method with the @Get() decorator, so we set up the route. We also decorate the method with the @UseInterceptors() decorator, where we pass our VerifySignatureInterceptor.

This setup will enable us to call the /api/oauth/userinfo endpoint which will, in turn, check if we have a valid signature present in the headers. If the request is invalid, it will throw a 400 Bad Request exception. If the signature is valid, for now, we will throw a 401 Unauthorized exception just to make our front-end navigate to the login page.

The Login flow

Just to keep this example simple, our login page will only have a button in the center that will start our login flow with our API.

We need to create a state key that can be validated before we fetch the token. This state key will first be sent to our third-party OAuth client, and it will be returned to us when the authentication is finished. This key is passed securely and over HTTPS. Therefore, it can be a stringified object. While the key is not set, we disable the button.

Pressing the Sign in button will call our API, which will redirect us to our third-party login screen. When the login happens, it will redirect us to our API, where we can fetch a valid token and redirect again to the Stripe dashboard. Let's extend our environment variables.

Now that we have every environment variable set up, let's implement our api/oauth/login and api/oauth/authorise endpoints in our OauthController.

The login endpoint, if everything is correct, redirects us to the login page where the user should be able to log in. If your OAuth client requires redirect URLs to be configured, make sure you configure them. For example, for development, the http://localhost:3333/api/oauth/authorise endpoint should be in the allowed redirect URL list.
We validate everything to be sure that this endpoint was called from our third-party OAuth page. With the information available to us, we can fetch the access token and store it in the Stripe Secret Storage. In this example, we use axios in our back-end to send requests to our third-party API.

We exchange the code returned from our OAuth client for a valid access token, and then store it in the Stripe Secret Store. That logic was extracted into a SecretService class, because the logic implemented in it can be reused later for other API calls. Please make sure you set up a NestJS module that exports this service.

Stripe Secret Store

Stripe's Secret Store API enables your app to securely store and retrieve strings that can be authentication credentials, tokens, etc. This API enables users to stay logged in to third-party services even when they log out of their Stripe dashboard. Let's set up a service that handles access to the Secret Store on our back-end.

Adding secrets

As we can see above, the Secret Storage needs some preliminary setup, which we do in our SecretService. The StripeResource sets up the find, set, and delete methods on the Stripe API, and interacts with the Secret Store. Let's implement the addSecret method, so we can actually store our returned token.

With the above, we can finally store our token, with which we can make authenticated requests.

Getting secrets

Let's implement the getSecret method so we can retrieve secrets. The principles are the same. We will need the accountId, the userId, and the secret's name for it.

Let's close the login flow, and implement the final version of the api/oauth/userinfo endpoint.

Deleting secrets

We want our users to have the ability to log out from our third-party API as well. That can be achieved by deleting their access_token from the Secret Store.

The /api/oauth/logout endpoint is going to be a GET request that will delete the token from the Secret Store.
We can create a SignOutLink that sends the request to our back-end and navigates to the /login page. You can put this component into the footerContent property of your ContextView.

And now we are ready with our authentication setup. When the user opens our app, it will call the /api/oauth/userinfo endpoint. Initially, it will return with a 401 error, and our front-end will navigate to the /login route. When the user presses the Sign in button, it will redirect them to the third-party OAuth page. After they log in, our back-end also redirects them back to their Stripe dashboard, where the application will open. The app will call the /api/oauth/userinfo endpoint again. But this time, it will return actual user information, and the app routes to the protected route. To help visualize the whole flow, you can also use the following sequence diagram for reference:

Conclusion

As you can see, there are many steps involved in setting up a proper OAuth flow. However, it's necessary to get it right, since this is the most critical part of the app. We hope this article will help you to set up some good foundations when implementing your own Stripe app....
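The back-end check described under "Stripe signatures" and "NestJS VerifySignatureInterceptor implementation", written out as an added example that is not code from the original article or from Stripe. It assumes the header uses the t=<timestamp>,v1=<hex HMAC-SHA256> format Stripe documents for its signed payloads, and that the signed payload is the JSON of user_id and account_id in that order; all function names and sample values are hypothetical.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

const TOLERANCE_SECONDS = 300; // the article: a signature is valid for 5 minutes

// Parse "t=<unix seconds>,v1=<hex>" into its timestamp and candidate signatures.
function parseSignatureHeader(header) {
  const parsed = { timestamp: NaN, signatures: [] };
  for (const item of String(header).split(",")) {
    const [key, value] = item.trim().split("=", 2);
    if (key === "t") parsed.timestamp = Number(value);
    if (key === "v1" && value) parsed.signatures.push(value);
  }
  return parsed;
}

// HMAC-SHA256 over "<timestamp>.<payload>", hex encoded.
function sign(payload, timestamp, secret) {
  return createHmac("sha256", secret).update(`${timestamp}.${payload}`, "utf8").digest("hex");
}

// Assumed payload shape: the two IDs as JSON, in this key order.
function buildPayload(userId, accountId) {
  return JSON.stringify({ user_id: userId, account_id: accountId });
}

// Returns { ok, reason } so the caller can log why a request was rejected.
function verifyAppSignature({ userId, accountId, header, secret, now }) {
  if (!userId || !accountId || !header) return { ok: false, reason: "missing_field" };
  const { timestamp, signatures } = parseSignatureHeader(header);
  if (!Number.isInteger(timestamp) || signatures.length === 0) {
    return { ok: false, reason: "malformed_header" };
  }
  const expected = Buffer.from(sign(buildPayload(userId, accountId), timestamp, secret), "hex");
  const match = signatures.some((sig) => {
    const given = Buffer.from(sig, "hex");
    return given.length === expected.length && timingSafeEqual(given, expected);
  });
  if (!match) return { ok: false, reason: "bad_signature" };
  if (Math.abs(now - timestamp) > TOLERANCE_SECONDS) return { ok: false, reason: "expired" };
  return { ok: true, reason: null };
}

// Constructed sample values, not real Stripe identifiers or secrets.
const SECRET = "constructed-app-secret";
const ISSUED_AT = 1700000000;
const IDS = { userId: "usr_constructed", accountId: "acct_constructed" };
const HEADER = `t=${ISSUED_AT},v1=${sign(buildPayload(IDS.userId, IDS.accountId), ISSUED_AT, SECRET)}`;
console.log(verifyAppSignature({ ...IDS, header: HEADER, secret: SECRET, now: ISSUED_AT + 60 }));
```

Because the two IDs are part of the signed payload, a captured signature cannot be replayed under a different user or account, and the distinct reasons give the interceptor's logger something specific to record.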