Integrations
Setup, verification, and failure modes for GitHub/Auth/Payments/Analytics.
Integration model
GitHub (connect + import)
Open: [/settings?tab=github](/settings?tab=github)
Before importing:
- bot/user has repo access
- pending invitations accepted
- repo is writable
Auth (callback URLs)
Most auth bugs are callback URL mismatches across environments.
- register preview callback URLs
- register production callback URLs
- redeploy after changes
Payments (keys + webhooks)
Rules:
- preview uses test keys
- production uses live keys
- webhooks: signature verification + idempotency (store processed
event.id)
Copy/paste prompt:
Implement robust webhook handling:
- verify signature with webhook secret
- idempotency by event id
- update entitlement/order status only after confirmed events
Acceptance: webhook retries never create duplicates.Analytics (Umami)
Minimum:
- verify realtime/pageview
- add 3–5 stable events (
signup,checkout_started,purchase_completed)
Secrets & environment safety
- Keep dev/prod secrets separate.
- Redeploy after updating secrets.
- “Dev works, prod fails” is usually keys or callback URLs.