· Iren Saltali · security
Common API Auth Mistakes in Serverless Systems
A practical catalog of auth mistakes that show up when teams move fast on edge infrastructure.
security
Grouped by problem space so readers can follow one topic deeply without hunting across unrelated pages.
- · Iren Saltali · security
How to Handle Refresh Tokens at the Edge
A pragmatic look at what the gateway should own in refresh flows and what still belongs to the application.
- · Iren Saltali · security
Public Routes, Private Routes, and Least Privilege
How to shape an API contract so public endpoints stay useful without turning the gateway into a loose front door.
- · Iren Saltali · security
JWT Issuer, Audience, and Why Tokens Still Fail
A plain-language explanation of the JWT fields that most often break route protection even when the token looks valid.
- · Iren Saltali · security
Supabase OTP for APIs: What Actually Happens
A practical breakdown of the send, verify, and token-validation stages so teams can debug passwordless flows faster.
- · Iren Saltali · security
Auth0 on Cloudflare Workers: What to Document Before You Ship
A documentation checklist for teams using Auth0 routes at the edge so operations and support know how the flow actually works.