Integrations
Setup, verification, and failure modes for GitHub, Auth, Payments, and Analytics.
Integration model
GitHub (connect + import)
Open: [/settings?tab=github](/settings?tab=github)
Before importing:
- bot / user has repo access
- pending invitations are accepted
- repo is writable
Auth (callback URLs)
Most auth bugs come from callback URL mismatches across environments.
- register preview callback URLs
- register production callback URLs
- redeploy after changes
Payments (keys + webhooks)
Rules:
- preview uses test keys
- production uses live keys
- webhooks require signature verification + idempotency (store processed
event.id)
Copy/paste prompt:
Implement robust webhook handling:
- verify signature with webhook secret
- idempotency by event id
- update entitlement/order status only after confirmed events
Acceptance: webhook retries never create duplicates.Analytics (Umami)
Minimum setup:
- verify realtime/pageview
- add 3–5 stable events (
signup,checkout_started,purchase_completed)
Secrets & environment safety
- Keep dev and prod secrets separate.
- Redeploy after updating secrets.
- “Dev works, prod fails” usually means keys or callback URLs differ.