Email issues are painful in production. Subscribe to mailer notifications and log message IDs, recipients, and durations. This gives you a lightweight audit trail without adding a heavy dependency.

A per-request statement_timeout is a great “seatbelt” for endpoints that can run bad queries when parameters are unexpected. You can set it for a block; Postgres enforces the wall clock limit.

Clients love predictable pagination. Provide Link headers and totals when feasible. This snippet shows a small helper that generates RFC5988-ish link headers for JSON endpoints.

Race conditions happen. The correct “find or create” in production uses a unique constraint and a retry on conflict, not a naive check-then-insert. Let the database serialize the race.

Authorization libraries are great, but you can also build a lightweight policy scope. The key is to keep it composable: a single public method that returns an ActiveRecord::Relation and nothing else.

Large CSV exports should not allocate huge strings. Use ActionController::Live to stream rows. Include a heartbeat and handle client disconnects gracefully. This is real-world Rails ops code.

When downstream systems degrade, jobs pile up and amplify outages. Add a simple “queue depth guard” so non-critical jobs skip or reschedule instead of making the backlog worse.

APIs are easier to operate when errors are structured and consistent. Wrap errors into a problem-details style response with a stable type and request_id so support can quickly trace issues.

Updating last_seen_at on every request creates hot rows and write amplification. Instead, track last seen in Redis and periodically flush to DB, or only write when the value meaningfully changes.

Auditing isn’t just “save everything”. Capture who did it, what changed, and why. Rails gives you dirty tracking; store diffs in a JSON column. Keep it minimal to avoid ballooning storage.

A robust feature flag read path should be fast, but also resilient to cache outages. Cache the computed result briefly and fall back to DB if needed; keep the interface dead simple.

If you have to hit multiple APIs, you can cut tail latency by running calls concurrently. Keep it bounded and use timeouts. Rails itself is thread-safe for reads; be careful with DB connections and use with_connection for threaded work.