Project Overview
Blabber.ai is a creator-focused communication platform that facilitates voice and messaging automation.
Technical Highlights
- Performance Optimization
- Security Hardening
- Automation & CI/CD Pipelines
Business Challenge
- Subscription sync failures between Stripe and Supabase resulting in access resolution issues.
- Webhook queue delays under concurrent payment events.
- Security vulnerabilities in access control checks on public API endpoints.
- High Sentry exception volumes prior to public release.
System Constraints
- Zero-Downtime Hardening: System upgrades had to be deployed to the live staging environment without interrupting ongoing user testing.
- API Latency Constraints: Supabase database latency and external webhook handlers had to respond within a 500ms SLA.
- Strict Compliance: Payment and session management flows had to adhere to security best practices without introducing heavy operational overhead.
Engineering Approach
SazM executed a launch readiness audit, profiling database queries and API routing structures. A decoupled webhook handler was introduced to process Stripe subscription lifecycles asynchronously, and access controls were hardened at the Supabase Row Level Security (RLS) and API gateway levels.
System Architecture
- Frontend & Routing: React and Next.js frontend integrated with Next.js API routing.
- Database & Auth: PostgreSQL database hosted on Supabase, secured with custom Row Level Security (RLS) policies and session-based authentication checks.
- Payment & Event Tier: Decoupled Stripe webhook receiver with retry and idempotency validation layers.
Technical Stack
Measurable Outcomes
- Production readiness audit and launch validation checklist.
- Hardened Supabase database schema with optimized PostgreSQL queries.
- Idempotent Stripe webhook handler with built-in retry mechanisms.
- Decoupled API endpoint security validations.
- Audited platform codebase for launch readiness
- Stabilized Stripe subscription lifecycle syncing
- Decoupled high-frequency webhooks for webhook reliability
- Hardened authentication and external APIs boundaries
- Resolved Sentry errors and optimized production query flows
Lessons & Insights
- Webhook integrations must be idempotent at the database layer; network retries will duplicate incoming events.
- Client-side security checks are insufficient; database-level security policies (like Postgres RLS) are critical to defend multi-tenant architectures.
